Hi

I am setting up a bunch of vserver machines on a single host (basically just a fancy chroot setup) - just looking for advice on a decent setup.

1) Would prefer not to run multiple instances of syslogd in each vserver if possible (no special reason, just seems pointless).
2) Each vserver runs multiple processes, so need a fairly fully featured set of logging for each
3) Want to keep the logs readonly, or basically untouchable in the vservers

So I tried

a) setting up the host system to run the /vserver/xxx/dev/log as its source
b) using destinations of the form: "/var/log/$HOST/messages", "/var/log/$HOST/mail.log", etc

However, this doesn't seem to work because $HOST always shows the same name for every vhost (actually it has the name of the host server)

I tried setting up syslog-ng in each vserver to log via a unix-stream to the host and again this has the same issue: $HOST is always the same as the host machine

What does seem to work is running syslog-ng in each vhost and logging via TCP, OR duplicating my destination{} and log{} stanzas for every single vserver, ie basically filtering on the source{}. However, this latter option seems error prone and boring to maintain, the former option seems to need extra resources and unnecessarily complicated for such a simple setup

What I really want is some way that I can set some MACRO in the "source{}" stanza and then use that later on in my destinations{} - is this possible? Any other ways to achieve this? Actually I can't find any way to define custom macros, but this feature would seem to solve a lot of configuration scenarios?

Grateful for any pointers

Ed W

Hi, Ed W <lists@wildgooses.com> [20070903 22:24:13 +0100]:
I am setting up a bunch of vserver machines on a single host (basically just a fancy chroot setup) - just looking for advice on a decent setup.
1) Would prefer not to run multiple instances of syslogd in each vserver if possible (no special reason, just seems pointless).
2) Each vserver runs multiple processes, so need a fairly fully featured set of logging for each
3) Want to keep the logs readonly, or basically untouchable in the vservers
So I tried
a) setting up the host system to run the /vserver/xxx/dev/log as its source
b) using destinations of the form: "/var/log/$HOST/messages", "/var/log/$HOST/mail.log", etc
However, this doesn't seem to work because $HOST always shows the same name for every vhost (actually it has the name of the host server)
[snipped]
What I really want is some way that I can set some MACRO in the "source{}" stanza and then use that later on in my destinations{} - is this possible? Any other ways to achieve this? Actually I can't find any way to define custom macros, but this feature would seem to solve a lot of configuration scenarios?
For my multicast logging I wanted to be lazy and log depending on the *destination* IP address[1] rather than the source IP; in multicast you group the services together under a single multicast group address (for example all mail server logging goes to 239.234.234.32).

I cobbled together a patch that lets you use $DESTIP as a macro.

http://marc.info/?l=syslog-ng&m=116136122419201&w=2
http://marc.info/?l=syslog-ng&m=118545979625151&w=2

I keep lightly prodding Bazsi to re-write it properly[2] and I am sure he will someday, but is this the sort of thing useful to you?

If you bind to each vserver IP separately on your host machine[3] you should find using $DESTIP in your macros works nicely. To map IPs to friendly names I would recommend softlinks in the filesystem personally.

Cheers

Alex

[1] this keeps the syslog-ng.conf file very simple and I do not have to specify and keep up to date a list of source addresses; it is all mapped to a single destination group address
[2] but it is complicated as to do it properly you would have to use IP(V6)_PKTINFO, or for *BSD people it's IP_RECVDSTADDR and from when I was looking through the code there is not much opportunity to get this kind of data to the macro sub-system without some framework reworking/rejuggling
[3] so separate 'udp(ip(w.x.y.x) port(514));' in the source{} section for each vserver IP otherwise this patch will set $DESTIP to '0.0.0.0'

I cobbled together a patch that lets you use $DESTIP as a macro.
DESTIP would be good, but it could also be done if it were possible to use something to do with the "source()" as a macro as well.

However, most flexible solution seems to be some kind of global filter which is run per message and allows you to set macros dynamically

Cheers Alex (our paths haven't crossed for some time now...)

Ed W
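
The per-vserver source{}, destination{} and log{} stanzas that the original post calls error prone to maintain by hand can be generated instead; the following is an added example, not code from the thread or from syslog-ng. The /vserver/<name>/dev/log and /var/log/<name>/ paths come from the post, while the helper names, the f_mail filter and the guest names are assumptions, and the log directories are assumed to exist already.

```python
import re
from pathlib import Path

# Assumed layout, taken from the thread: guest sockets at /vserver/<name>/dev/log,
# host-side logs under /var/log/<name>/ (outside every guest's chroot).
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]*")
# Constructed rule set: (log file, name of a filter declared in render(), or None).
LOG_FILES = [("messages", None), ("mail.log", "f_mail")]

def ident(text):
    """Map a guest or file name onto characters valid in a syslog-ng identifier."""
    return re.sub(r"[^A-Za-z0-9]", "_", text)

def stanzas(name, root="/vserver", logdir="/var/log"):
    """Build the source, destination and log stanzas for one guest."""
    if not SAFE_NAME.fullmatch(name):
        # A quote, brace, slash or newline in a directory name would otherwise
        # land inside the generated config or escape the log directory.
        raise ValueError(f"unsafe vserver name: {name!r}")
    src = f"s_{ident(name)}"
    out = [f'source {src} {{ unix-stream("{root}/{name}/dev/log"); }};']
    for fname, flt in LOG_FILES:
        dst = f"d_{ident(name)}_{ident(fname)}"
        out.append(f'destination {dst} {{ file("{logdir}/{name}/{fname}"); }};')
        match = f" filter({flt});" if flt else ""
        out.append(f"log {{ source({src});{match} destination({dst}); }};")
    return out

def render(names, **kw):
    """Render stanzas for every guest, refusing names that collide after mapping."""
    seen = {}
    lines = ["filter f_mail { facility(mail); };"]
    for name in sorted(set(names)):
        if seen.setdefault(ident(name), name) != name:
            raise ValueError(f"{name!r} and {seen[ident(name)]!r} share an identifier")
        lines += stanzas(name, **kw)
    return "\n".join(lines) + "\n"

def discover(root="/vserver"):
    """List guests that have a dev directory under the assumed root."""
    return [p.name for p in Path(root).iterdir() if (p / "dev").is_dir()]

if __name__ == "__main__":
    print(render(["web1", "mail-1"]))  # constructed guest names
```

Because the files are written by the host's syslog-ng under the host's /var/log, nothing inside a guest chroot can reach them, which is requirement 3 of the original post.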