logging from 20 hosts - syslog-ng - lists.balabit.hu

newer
not match problem once again

logging from 20 hosts

older
RE: [syslog-ng]logging from 20...

Dennis Kruyt

20 Mar 2001 20 Mar '01

1:55 p.m.

Hi, What sould be the best solution with syslog-ng for logging about 20 hosts to one log machine and to sort them on that machine. Has someone done this before???? Dennis Kruyt, ZXFactory BV Telefoonweg 44b 6712 GD EDE The Netherlands T +31 138 693 111 F +31 139 693 042 I www.zxfactory.nl

Attachments:

attachment.html (text/html — 881 bytes)

Show replies by date

matthew.hoskins＠njit.edu

20 Mar 20 Mar

2:13 p.m.

Yes, there are a number of solutions. We log about about 58 various Solaris/Linux hosts to a number of dedicated central logging systems. One cool solution is in your syslog-ng.conf: file( "/var/logs/$YEAR/$MONTH/$DAY/$HOST.$FACILITY.log" create_dirs(yes)); It will create a series of dirs like above, also you may like: file( "/var/logs/$HOST/$YEAR/$MONTH/$DAY/$FACILITY.log" create_dirs(yes)); One reason we like this so much is there is no need for external log-rotation. Its all built into syslog-ng. (Nice work devel'ers, we really like that feature) Other than that, just have a machine/network that can keep up with the log traffic ;-) -Matt Quoting Dennis Kruyt <d.kruyt@zx.nl>:

Hi,

What sould be the best solution with syslog-ng for logging about 20 hosts to one log machine and to sort them on that machine. Has someone done this before????

Dennis Kruyt,

ZXFactory BV Telefoonweg 44b 6712 GD EDE The Netherlands T +31 138 693 111 F +31 139 693 042 I www.zxfactory.nl

================================= When all you have is a hammer, Everything looks like a nail.

Gregor Binder

3:25 p.m.

matthew.hoskins@njit.edu on Tue, Mar 20, 2001 at 09:13:56AM -0500:

file( "/var/logs/$HOST/$YEAR/$MONTH/$DAY/$FACILITY.log" create_dirs(yes));

One reason we like this so much is there is no need for external log-rotation. Its all built into syslog-ng. (Nice work devel'ers, we really like that feature)

yep, good stuff Balasz :) All you have to add is a cronjob using find -mtime (or something like this, to send your logs to post-processing, move them into an archive, on tape, or simply delete them) and you're done. Haven't had a full log disk for some time :) greetings, -- Gregor Binder <gregor.binder@sysfive.com> http://sysfive.com/ sysfive.com GmbH UNIX. Networking. Security. Applications. PGP id: 0x20C6DA55 fp: 18AB 2DD0 F8FA D710 1EDC A97A B128 01C0 20C6 DA55

8940

Age (days ago)

8940

Last active (days ago)

Download

2 comments

3 participants

tags

participants (3)

Dennis Kruyt
Gregor Binder
matthew.hoskins＠njit.edu