connecting to syslog-ng
Hi there!

Is there a way to connect to a syslog-ng on a machine via a client to receive the events? ...as opposed to just having the syslog-ng pushing the event to another machine all the time.

Basically I want only to connect to those machines running syslog-ng in certain situations. Like

ssh root@machine tail -f /var/log/messages

...without the need for a ssh account

cheers
--
Torsten
On Fri, 2006-09-22 at 15:01 +0200, Torsten Curdt wrote:
Hi there!
Is there a way to connect to a syslog-ng on a machine via a client to receive the events? ...as opposed to just having the syslog-ng pushing the event to another machine all the time.
is there a persistent network connection between these two computers?
Basically I want only to connect to those machines running syslog-ng in certain situations. Like
ssh root@machine tail -f /var/log/messages
...without the need for a ssh account
what do you think the advantages are to avoiding ssh?

--
Matt Zagrabelny - mzagrabe@d.umn.edu - (218) 726 8844
University of Minnesota Duluth
Information Technology Systems & Services
PGP key 1024D/84E22DA2 2005-11-07
Fingerprint: 78F9 18B3 EF58 56F5 FC85 C5CA 53E7 887F 84E2 2DA2

He is not a fool who gives up what he cannot keep to gain what he cannot lose.
-Jim Elliot
Is there a way to connect to a syslog-ng on a machine via a client to receive the events? ...as opposed to just having the syslog-ng pushing the event to another machine all the time.
is there a persistent network connection between these two computers?
Yes!
Basically I want only to connect to those machines running syslog-ng in certain situations. Like
ssh root@machine tail -f /var/log/messages
...without the need for a ssh account
what do you think the advantages are to avoiding ssh?
Deployment and security related. Just no option to give ssh access to dozens of developers just to read the logs. Those machines are as locked up as possible. cheers -- Torsten
On Fri, 2006-09-22 at 15:42 +0200, Torsten Curdt wrote:
Is there a way to connect to a syslog-ng on a machine via a client to receive the events? ...as opposed to just having the syslog-ng pushing the event to another machine all the time.
is there a persistent network connection between these two computers?
Yes!
Basically I want only to connect to those machines running syslog-ng in certain situations. Like
ssh root@machine tail -f /var/log/messages
...without the need for a ssh account
what do you think the advantages are to avoiding ssh?
Deployment and security related. Just no option to give ssh access to dozens of developers just to read the logs. Those machines are as locked up as possible.
how are you going to provide access control to the logs from the client machines? to my knowledge, syslog-ng doesn't provide any access control mechanisms, at least the kind you are talking about.

you can restrict the commands being run with ssh keys. this might be an adequate solution for you.

--
Matt Zagrabelny
Basically I want only to connect to those machines running syslog-ng in certain situations. Like
ssh root@machine tail -f /var/log/messages
...without the need for a ssh account
what do you think the advantages are to avoiding ssh?
Deployment and security related. Just no option to give ssh access to dozens of developers just to read the logs. Those machines are as locked up as possible.
how are you going to provide access control to the logs from the client machines? to my knowledge, syslog-ng doesn't provide any access control mechanisms, at least the kind you are talking about.
Syslog-ng is only available on an internal interface ...that's good enough.
you can restrict the commands being run with ssh keys. this might be an adequate solution for you.
Not really ..."no ssh" is the call cheers -- Torsten
Hi, Torsten Curdt <tcurdt@vafer.org> [20060922 15:42:09 +0200]:
[snipped]
Basically I want only to connect to those machines running syslog-ng in certain situations. Like
ssh root@machine tail -f /var/log/messages
...without the need for a ssh account
what do you think the advantages are to avoiding ssh?
Deployment and security related. Just no option to give ssh access to dozens of developers just to read the logs. Those machines are as locked up as possible.
Well I helped in adding multicast logging support to syslog-ng for two reasons:

1. makes for an effective and very easy way to have a cluster logging system
2. you can 'tune in' to the logging messages you want from anywhere

I think it's the latter that you would be interested in particularly. Although I have multicast logging set up here at work I have yet to get around to writing the 'tuning in' perl script that will stream the logs to the local machine, so what you would type on the developer machines is:

$ ./syslog-mc.pl 239.239.12.13 514 | grep cheese

which would display live all the lines with cheese that are being streamed to the multicast address 239.239.12.13 (port 514).

If you grovel suitably I'll get around to writing[1] the tuning in script sooner rather than later ;)

Is this what you are after? syslog-ng would still run on the logging box but you would broadcast to multicast groups your streams.

Cheers

Alex

[1] it's easy enough, I have all the multicast perl joining functions written already that I used for other work related multicast projects
cheers -- Torsten _______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
2. you can 'tune in' to the logging messages you want from anywhere
Haha! :-)
I think it's the latter that you would be interested in particularly. Although I have multicast logging set up here at work I have yet to get around to writing the 'tuning in' perl script that will stream the logs to the local machine, so what you would type on the developer machines is:
$ ./syslog-mc.pl 239.239.12.13 514 | grep cheese
That would be awesome! Exactly what I was after. Was more thinking about a standard tcp/udp connection but why not multicast...
which would display live all the lines with cheese that are being streamed to the multicast address 239.239.12.13 (port 514).
If you grovel suitably I'll get around to writing[1] the tuning in script sooner rather than later ;)
Hehehe
Is this what you are after? syslog-ng would still run on the logging box but you would broadcast to multicast groups your streams.
This sounds pretty good! ...I will check with my folks and then might begin to grovel ...or to contribute ;-) cheers -- Torsten
Hi, Torsten Curdt <tcurdt@vafer.org> [20060923 09:35:30 +0200]:
2. you can 'tune in' to the logging messages you want from anywhere
Haha! :-)
I think it's the latter that you would be interested in particularly. Although I have multicast logging set up here at work I have yet to get around to writing the 'tuning in' perl script that will stream the logs to the local machine, so what you would type on the developer machines is:
$ ./syslog-mc.pl 239.239.12.13 514 | grep cheese
That would be awesome! Exactly what I was after. Was more thinking about a standard tcp/udp connection but why not multicast...
Well you will need multicast support if you have to cross subnets/routers, however if it's all on the same subnet you could get away with the recent broadcast support added and pick your particular log by port number. The disadvantage of this is that *every* machine on the subnet will receive the packets whether they want them or not. The multicast approach obviously is cleaner for several reasons, also if you have developers wanting to do this from across a VPN then multicast is the only way to go about doing this.
which would display live all the lines with cheese that are being streamed to the multicast address 239.239.12.13 (port 514).
If you grovel suitably I'll get around to writing[1] the tuning in script sooner rather than later ;)
Hehehe
Is this what you are after? syslog-ng would still run on the logging box but you would broadcast to multicast groups your streams.
This sounds pretty good! ...I will check with my folks and then might begin to grovel ...or to contribute ;-)
It's actually rather straightforward to do and it's only something I have not done yet as the logging cluster is not being extensively used yet. If someone else has a use for it then I'll get around to it sooner rather than later.

However if you cannot wait it seems someone has made a multicast enabled netcat:

http://code.google.com/p/mnc/

You will be able to use this to do something very similar, it also says that it works under windoze as well.

Cheers

Alex
cheers -- Torsten
Hi, Sorry about replying to my own post but: Alexander Clouter <ac56@soas.ac.uk> [20060923 11:07:14 +0100]:
[snipped]
Is this what you are after? syslog-ng would still run on the logging box but you would broadcast to multicast groups your streams.
This sounds pretty good! ...I will check with my folks and then might begin to grovel ...or to contribute ;-)
It's actually rather straightforward to do and it's only something I have not done yet as the logging cluster is not being extensively used yet. If someone else has a use for it then I'll get around to it sooner rather than later.
However if you cannot wait it seems someone has made a multicast enabled netcat:
You will be able to use this to do something very similar, it also says that it works under windoze as well.
Well I got around to writing my perl script to do this:

http://www.digriz.org.uk/syslog-mc

Everything should be self explanatory, it's rather verbose at the top of the file. Code is licenced under the GPL licence and probably would be suitable to become a 'contrib' part of syslog-ng if Balazs approves :)

Any problems do email me but really it's just a case of typing:

$ ./syslog-mc 239.194.253.8 5514

Remember if you are sending syslog messages to a port number below 1024 you will need to run the script as root.

Cheers

Alex
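The kind of tune-in client discussed in this thread, as an added Python example; it is not the syslog-mc Perl script and is not taken from the syslog-ng contrib directory. The function names, the PRI decoding and the control-character escaping are assumptions of this example; the group and port follow the invocation shown above, and the port check uses the 65535 upper bound.

```python
import ipaddress
import socket
import sys

def check_args(group, port):
    """Validate the two command-line arguments before touching the network."""
    addr = ipaddress.IPv4Address(group)        # ValueError on malformed input
    if not addr.is_multicast:                  # must sit inside 224.0.0.0/4
        raise ValueError(f"{group} is not an IPv4 multicast group")
    if not 1 <= port <= 65535:                 # upper bound is 65535, not 66535
        raise ValueError(f"port {port} is outside 1-65535")
    return str(addr), port

def membership_request(group, iface="0.0.0.0"):
    """Build struct ip_mreq: group address, then the local interface address."""
    return socket.inet_aton(group) + socket.inet_aton(iface)

def decode(datagram):
    """Split a BSD-syslog datagram into (facility, severity, printable text)."""
    text = datagram.decode("utf-8", errors="replace").rstrip("\r\n\0")
    fac = sev = None
    if text.startswith("<") and ">" in text[:5]:
        pri, rest = text[1:].split(">", 1)
        if pri.isascii() and pri.isdigit() and int(pri) <= 191:
            fac, sev, text = int(pri) >> 3, int(pri) & 7, rest
    # Senders are unauthenticated: escape control bytes so a crafted message
    # cannot drive the viewer's terminal with escape sequences.
    safe = "".join(c if c.isprintable() else f"\\x{ord(c):02x}" for c in text)
    return fac, sev, safe

def tune_in(group, port):
    """Join the group and print every datagram until interrupted."""
    group, port = check_args(group, port)
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    sock.bind(("", port))                      # binding below 1024 needs root
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_ADD_MEMBERSHIP,
                    membership_request(group))
    while True:
        data, (src, _) = sock.recvfrom(65535)
        fac, sev, msg = decode(data)
        print(f"{src} fac={fac} sev={sev} {msg}", flush=True)

if __name__ == "__main__":
    tune_in(sys.argv[1], int(sys.argv[2]))
```

Any host that can join the group receives the stream, so the scoping of the multicast group is the only access control on these logs.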
Well I got around to writing my perl script to do this:
Very nice; heck this is even readable & maintainable Perl code. Maybe you might want to adapt your port-range checking to only go to 65535 instead of 66535. And one little s/its/it's/ conversion will make it perfect :). Best regards, Roberto Nibali, ratz
Hi, Roberto Nibali <ratz@drugphish.ch> [20060926 10:54:42 +0200]:
Well I got around to writing my perl script to do this:
Very nice; heck this is even readable & maintainable Perl code.
...making it bad perl code, it's meant to be a write only language I hear :)
Maybe you might want to adapt your port-range checking to only go to 65535 instead of 66535. And one little s/its/it's/ conversion will make it perfect :)
Damn those typos and my terrible grammar. I have uploaded a new version with these corrections and a few other minor tweaks and error handling cleanups. Cheers Alex
On Mon, 2006-09-25 at 12:27 +0100, Alexander Clouter wrote:
Alexander Clouter <ac56@soas.ac.uk> [20060923 11:07:14 +0100]:
[snipped]
Is this what you are after? syslog-ng would still run on the logging box but you would broadcast to multicast groups your streams.
This sounds pretty good! ...I will check with my folks and then might begin to grovel ...or to contribute ;-)
It's actually rather straightforward to do and it's only something I have not done yet as the logging cluster is not being extensively used yet. If someone else has a use for it then I'll get around to it sooner rather than later.
However if you cannot wait it seems someone has made a multicast enabled netcat:
You will be able to use this to do something very similar, it also says that it works under windoze as well.
Well I got around to writing my perl script to do this:
http://www.digriz.org.uk/syslog-mc
Everything should be self explanatory, it's rather verbose at the top of the file. Code is licenced under the GPL licence and probably would be suitable to become a 'contrib' part of syslog-ng if Balazs approves :)
Any problems do email me but really it's just a case of typing:
$ ./syslog-mc 239.194.253.8 5514
Remember if you are sending syslog messages to a port number below 1024 you will need to run the script as root.
Thanks for your contribution. I added it to the contrib directory. -- Bazsi
On Fri, 22 Sep 2006 15:01:19 +0200, Torsten Curdt said:
Is there a way to connect to a syslog-ng on a machine via a client to receive the events? ...as opposed to just having the syslog-ng pushing the event to another machine all the time.
OK, riddle me this - why *can't* you do the following:

1) Have a specific filter for the event in question.
2) Log those events to a remote machine - the developer's workstation.
3) They then run a syslog daemon on their workstation, and
4) They can tail -f /var/log/their-messages to their heart's content.
participants (6)
- Alexander Clouter
- Balazs Scheidler
- Matt Zagrabelny
- Roberto Nibali
- Torsten Curdt
- Valdis.Kletnieks@vt.edu