Can anyone provide some sample configurations for Redhat 7.1 systems, both as a central log server and its clients?

I'm about to roll out about 130 linux boxes pretty soon, all vpn clients with various other functions, and would like to maintain a central log repository. syslog-ng looks like my best bet (I'd rather have tcp than udp, just to avoid the possibility of lost logs in case of flaky lines). Unfortunately, I don't have the time for a lot of experimentation.

Thanks,

--
Bradley Hartin - bhartin@straus-frank.com
Network and Communications Administrator
Straus-Frank Company

On Tue, 2001-12-04 at 17:08, Bradley Hartin wrote:
> Can anyone provide some sample configurations for Redhat 7.1 systems, both as a central log server and its clients?
>
> I'm about to roll out about 130 linux boxes pretty soon, all vpn clients with various other functions, and would like to maintain a central log repository. syslog-ng looks like my best bet (I'd rather have tcp than udp, just to avoid the possibility of lost logs in case of flaky lines). Unfortunately, I don't have the time for a lot of experimentation.

we implemented a neat system: it takes the logs from all the machines and then re-outputs them into a hostdirectory/hostname/red hat log file format

so if a machine was named roma then we had:

/var/log/hosts/roma
  messages
  daemon.log
  cron.log
  boot.log
  maillog
  spooler
  etc etc

for each machine.

this handles about 150 hosts.

you can look at that config here:
http://www.dulug.duke.edu/~skvidal/syslog-ng/phy/syslog-ng.conf

-sv

On 4 Dec 2001, seth vidal wrote:
> we implemented a neat system: it takes the logs from all the machines and then re-outputs them into a hostdirectory/hostname/red hat log file format

That sounds perfect--we will eventually roll out many more systems than the initial 130, and this will help a lot.

Thanks!

--
Bradley Hartin - bhartin@straus-frank.com
Network and Communications Administrator
Straus-Frank Company

On Tue, 2001-12-04 at 20:35, Bradley Hartin wrote:
> On 4 Dec 2001, seth vidal wrote:
>> we implemented a neat system: it takes the logs from all the machines and then re-outputs them into a hostdirectory/hostname/red hat log file format
>
> That sounds perfect--we will eventually roll out many more systems than the initial 130, and this will help a lot.

I did some magic with logrotate to rotate the logs too. If you have a need for that, I'll pull the logrotate snippet and send it in.

-sv

> Can anyone provide some sample configurations for Redhat 7.1 systems, both as a central log server and its clients?

This conf duplicates the default RedHat:

    # syslog-ng.conf

    options {
        long_hostnames(off);
        sync(0);
    };

    source syslog {
        internal();
        file(/proc/kmsg);
        unix-stream(/dev/log);
        udp(ip(0.0.0.0) port(514));
    };

    destination secure { file(/var/log/secure); };
    destination messages { file(/var/log/messages); };
    destination cron { file(/var/log/cron); };
    destination maillog { file(/var/log/maillog); };
    destination boot.log { file(/var/log/boot.log); };
    destination console { file(/dev/console); };

    filter f_console { facility(kern) or level(emerg); };
    # *.info selects info and every higher level, so the range ends at emerg
    filter f_messages { level(info..emerg) and not facility(authpriv, mail, cron); };
    filter f_authpriv { facility(authpriv); };
    filter f_mail { facility(mail); };
    filter f_cron { facility(cron); };
    filter f_local7 { facility(local7); };

    # kern.* /dev/console
    # *.emerg *
    log { source(syslog); filter(f_console); destination(console); };

    # *.info;mail.none;authpriv.none;cron.none /var/log/messages
    log { source(syslog); filter(f_messages); destination(messages); };

    # authpriv.* /var/log/secure
    log { source(syslog); filter(f_authpriv); destination(secure); };

    # mail.* /var/log/maillog
    log { source(syslog); filter(f_mail); destination(maillog); };

    # cron.* /var/log/cron
    log { source(syslog); filter(f_cron); destination(cron); };

    # local7.* /var/log/boot.log
    log { source(syslog); filter(f_local7); destination(boot.log); };

And this is the SysV init script to put in /etc/init.d/: (note it uses the original syslogd.pid so you don't have to reconfigure anything else, like logrotate, etc.; you can also put configuration options in /etc/sysconfig/syslog-ng, just like syslog)

    #!/bin/bash
    #
    # syslog-ng     Starts syslog-ng/klogd.
    #

    # Source function library.
    . /etc/init.d/functions

    [ -f /sbin/syslog-ng ] || exit 0
    [ -f /sbin/klogd ] || exit 0

    # Source config
    if [ -f /etc/sysconfig/syslog-ng ] ; then
        . /etc/sysconfig/syslog-ng
    else
        SYSLOG_NG_OPTIONS="-p /var/run/syslogd.pid -f /etc/syslog-ng.conf"
        KLOGD_OPTIONS="-2"
    fi

    RETVAL=0

    umask 077

    start() {
        echo -n $"Starting system logger: "
        daemon syslog-ng $SYSLOG_NG_OPTIONS
        RETVAL=$?
        echo
        echo -n $"Starting kernel logger: "
        daemon klogd $KLOGD_OPTIONS
        echo
        [ $RETVAL -eq 0 ] && touch /var/lock/subsys/syslog-ng
        return $RETVAL
    }

    stop() {
        echo -n $"Shutting down kernel logger: "
        killproc klogd
        echo
        echo -n $"Shutting down system logger: "
        killproc syslog-ng
        RETVAL=$?
        echo
        [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/syslog-ng
        return $RETVAL
    }

    rhstatus() {
        status syslog-ng
        status klogd
    }

    restart() {
        stop
        start
    }

    case "$1" in
      start)
        start
        ;;
      stop)
        stop
        ;;
      status)
        rhstatus
        ;;
      restart|reload)
        restart
        ;;
      condrestart)
        [ -f /var/lock/subsys/syslog-ng ] && restart || :
        ;;
      *)
        echo $"Usage: $0 {start|stop|status|restart|condrestart}"
        exit 1
    esac

    exit $?

On Tue, 4 Dec 2001, Jay Guerette wrote:
> This conf duplicates the default RedHat:

Even better--I meant to ask about both duplicating RedHat's default and a more proper init script for it. I'll probably meld this one with bits from Seth's methods of splitting up the directories.

Thanks!

--
Bradley Hartin - bhartin@straus-frank.com
Network and Communications Administrator
Straus-Frank Company
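
The setup discussed in this thread (TCP transport, one directory per host under /var/log/hosts/), written out as an added example; it is not from any poster and is not the configuration at the URL given earlier. Assumptions: the server address 192.0.2.10, all source, filter and destination names, the connection limit of 300, and an installed syslog-ng version that supports keep_hostname(), create_dirs() and the $HOST macro.

```conf
# ---- server: /etc/syslog-ng.conf on the central log host (constructed example) ----
options {
    long_hostnames(off);
    keep_hostname(no);   # take the host name from the sender's address, not from the message text
    use_dns(yes);        # resolve that address, so $HOST is a name such as "roma"
    create_dirs(yes);    # create /var/log/hosts/<host>/ when a host first logs
    dir_perm(0700);
    perm(0600);
};

source s_net {
    # the tcp() source accepts 10 connections by default; 130 clients need a higher limit
    tcp(ip(0.0.0.0) port(514) max-connections(300));
};

filter f_messages { level(info..emerg) and not facility(authpriv, mail, cron); };
filter f_authpriv { facility(authpriv); };
filter f_mail     { facility(mail); };
filter f_cron     { facility(cron); };

destination d_messages { file("/var/log/hosts/$HOST/messages"); };
destination d_secure   { file("/var/log/hosts/$HOST/secure"); };
destination d_maillog  { file("/var/log/hosts/$HOST/maillog"); };
destination d_cron     { file("/var/log/hosts/$HOST/cron"); };

log { source(s_net); filter(f_messages); destination(d_messages); };
log { source(s_net); filter(f_authpriv); destination(d_secure); };
log { source(s_net); filter(f_mail);     destination(d_maillog); };
log { source(s_net); filter(f_cron);     destination(d_cron); };

# ---- client: forwarding part of each client's /etc/syslog-ng.conf ----
# If the file already defines a source on /dev/log, use that source here instead of s_local.
source s_local { internal(); unix-stream("/dev/log"); };
destination d_loghost { tcp("192.0.2.10" port(514)); };   # placeholder server address
log { source(s_local); destination(d_loghost); };
```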