Hi,
First of all, thanks for the neat software you guys make.
Our organization is rolling out a mobile pc platform, we want some types of log events stored on a centralized server which is only reachable from the inside of our corporate network.
So when the machine is not inside our network, the log entries need to be stored locally until such time as the centralized server is reachable. Then the logs get sent through.
Can we do this with syslog-ng? From the features listed at your home page it would seem this is a standard feature... Is that right?
-- maarten
I'd use a tree style log directory (/var/log/HOSTS/hostname/yyyy/mm/dd/loglevel), and then rsync to your central server when a connection is available. That way you're syncing full files, not one monolithic log file that changes while you read it.
Russell
On Wed, Aug 25, 2004 at 06:02:45PM +0200, Maarten Thibaut wrote:
> Hi,
> First of all, thanks for the neat software you guys make.
> Our organization is rolling out a mobile pc platform, we want some types of log events stored on a centralized server which is only reachable from the inside of our corporate network.
> So when the machine is not inside our network, the log entries need to be stored locally until such time as the centralized server is reachable. Then the logs get sent through.
> Can we do this with syslog-ng? From the features listed at your home page it would seem this is a standard feature... Is that right?
> -- maarten
> _______________________________________________
> syslog-ng maillist - syslog-ng@lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
* Russell Adams <RLAdams@Kelsey-Seybold.com>
> I'd use a tree style log directory (/var/log/HOSTS/hostname/yyyy/mm/dd/loglevel), and then rsync to your central server when a connection is available.
Agreed, though for laptops using a hostname might be difficult; the hostname of my OS X laptop changes quite often. Maybe set a hostname or other ID to use via a configuration system instead of using the "official" hostname.
> That way you're syncing full files, not one monolithic log file that changes while you read it.
Yes, messages.x rotation does not work at all with rsync.
Actually, your laptop wouldn't be a problem. If you have a dynamic hostname, don't include the hostname in the path. Your laptop isn't running a syslog-ng server in order to centralize logs from multiple hosts... So just use /var/log/yyyy/mm/dd/loglevel. Then rsync that to a specific hostname directory on your central logserver (/var/log/HOSTS/hostname). Issue resolved.
BTW, for reporting from trees of log files, I highly recommend Logmuncher (http://www.cs.hmc.edu/~geoff/logmuncher.html) for scanning log files. It's got a few features that allow it to grab messages from recent logs in log trees.
Russell
On Wed, Aug 25, 2004 at 01:56:13PM -0700, Jeremy Mates wrote:
> * Russell Adams <RLAdams@Kelsey-Seybold.com>
> > I'd use a tree style log directory (/var/log/HOSTS/hostname/yyyy/mm/dd/loglevel), and then rsync to your central server when a connection is available.
> Agreed, though for laptops using a hostname might be difficult; the hostname of my OS X laptop changes quite often. Maybe set a hostname or other ID to use via a configuration system instead of using the "official" hostname.
> > That way you're syncing full files, not one monolithic log file that changes while you read it.
> Yes, messages.x rotation does not work at all with rsync.
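The approach suggested in this thread, written out as a sync script. This is an added example, not code posted by anyone on the list; `LOG_ROOT`, `HOST_ID`, `LOGHOST`, `DEST_ROOT` and the host names are assumed, and it expects SSH key authentication to the central server.

```shell
#!/bin/sh
# Added example. LOG_ROOT, HOST_ID, LOGHOST and DEST_ROOT are assumed names.
# Assumes syslog-ng on the laptop writes the date tree, for instance:
#   destination d_tree { file("/var/log/$YEAR/$MONTH/$DAY/$LEVEL" create_dirs(yes)); };
LOG_ROOT="${LOG_ROOT:-/var/log}"
HOST_ID="${HOST_ID:-laptop-0001}"   # fixed ID set by configuration management
LOGHOST="${LOGHOST:-loghost.example.internal}"
DEST_ROOT="${DEST_ROOT:-/var/log/HOSTS}"

# Print the yyyy/mm/dd directories under $1 that are older than $2 (yyyy/mm/dd).
# Today's directory is left out because syslog-ng is still writing to it.
completed_days() {
    root=$1
    today_n=$(printf %s "$2" | tr -d /)
    (
        cd "$root" >/dev/null 2>&1 || exit 0
        for d in [0-9][0-9][0-9][0-9]/[0-9][0-9]/[0-9][0-9]; do
            [ -d "$d" ] || continue          # unmatched glob stays literal
            day_n=$(printf %s "$d" | tr -d /)
            if [ "$day_n" -lt "$today_n" ]; then printf '%s\n' "$d"; fi
        done
    )
}

# Copy every completed day to $DEST_ROOT/$HOST_ID on the central server.
# Returns non-zero and leaves the local files alone when the server is unreachable.
sync_logs() {
    ssh -o BatchMode=yes -o ConnectTimeout=5 "$LOGHOST" true 2>/dev/null || return 1
    completed_days "$LOG_ROOT" "$(date +%Y/%m/%d)" | while read -r day; do
        # -R keeps the yyyy/mm/dd part of the path on the receiving side.
        (cd "$LOG_ROOT" && rsync -aR "$day/" "$LOGHOST:$DEST_ROOT/$HOST_ID/" </dev/null) || exit 1
    done
}

# Run from cron or a network-up hook as: sync-logs.sh --run
if [ "${1:-}" = "--run" ]; then sync_logs; fi
```

Re-running is safe: rsync skips files that already arrived, and nothing is deleted on the laptop.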
participants (3)
- Jeremy Mates
- Maarten Thibaut
- Russell Adams