Need help to send logs to a different server
Hi, We have syslog-ng configuration as follows: - There are 50 clients communicating to one log server - The log server is kept in secured place where nobody have access - All the logs of 50 clients are coming to the log server and the logs are kept as follow /var/log/syslog-ng/<client host>/extended.log We want all the log of each client to relay into a seperate server live. Means the current log file of each host will go to the new server simultaneously as it is going to the central log server. We can configure a second log server like the existing one. But our requirement is, that all the logs will be received from the central log server not from the client hosts. Any help is really appreciated. Thanks
in the client,you can define many remote log server simultaneously.syslog and syslog-ng all support this function. You can find in the manual:) 谢谢! 刘蕊红 |sys|6758 -----邮件原件----- 发件人: syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] 代表 Swapna 发送时间: 2008年12月5日 4:17 收件人: syslog-ng@lists.balabit.hu 主题: [syslog-ng] Need help to send logs to a different server Hi, We have syslog-ng configuration as follows: - There are 50 clients communicating to one log server - The log server is kept in secured place where nobody have access - All the logs of 50 clients are coming to the log server and the logs are kept as follow /var/log/syslog-ng/<client host>/extended.log We want all the log of each client to relay into a seperate server live. Means the current log file of each host will go to the new server simultaneously as it is going to the central log server. We can configure a second log server like the existing one. But our requirement is, that all the logs will be received from the central log server not from the client hosts. Any help is really appreciated. Thanks ____________________________________________________________________________ __ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html
Yes , from the client we can , but I think if you read my mail properly, I clearly written that my requirement is NOT, to get the logs from the client. I want to set one server , which will get all the information from the central log master. Yes , I know it can be done through ssh/rsync. But I wanted to know , if there is any option in syslog-ng . Thanks --- On Fri, 12/5/08, liuruihong <liuruihong@baidu.com> wrote:
From: liuruihong <liuruihong@baidu.com> Subject: 答复: [syslog-ng] Need help to send logs to a different server To: swap_project@yahoo.com, "'Syslog-ng users' and developers' mailing list'" <syslog-ng@lists.balabit.hu> Date: Friday, December 5, 2008, 3:23 AM in the client,you can define many remote log server simultaneously.syslog and syslog-ng all support this function. You can find in the manual:)
谢谢!
刘蕊红 |sys|6758
-----邮件原件----- 发件人: syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] 代表 Swapna 发送时间: 2008年12月5日 4:17 收件人: syslog-ng@lists.balabit.hu 主题: [syslog-ng] Need help to send logs to a different server
Hi,
We have syslog-ng configuration as follows:
- There are 50 clients communicating to one log server
- The log server is kept in secured place where nobody have access
- All the logs of 50 clients are coming to the log server and the logs are kept as follow
/var/log/syslog-ng/<client host>/extended.log
We want all the log of each client to relay into a seperate server live. Means the current log file of each host will go to the new server simultaneously as it is going to the central log server.
We can configure a second log server like the existing one. But our requirement is, that all the logs will be received from the central log server not from the client hosts.
Any help is really appreciated.
Thanks
____________________________________________________________________________ __ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html
If the central syslog server is running syslog-ng you can just add another destination (live log server) to the already existing local files. log{ source (udp/tcp incoming); destination(new live log server); }; cheers /Marc On 07/12/08 16.03, "Lavannya" <swap_project@yahoo.com> wrote: Yes , from the client we can , but I think if you read my mail properly, I clearly written that my requirement is NOT, to get the logs from the client. I want to set one server , which will get all the information from the central log master. Yes , I know it can be done through ssh/rsync. But I wanted to know , if there is any option in syslog-ng . Thanks --- On Fri, 12/5/08, liuruihong <liuruihong@baidu.com> wrote:
From: liuruihong <liuruihong@baidu.com> Subject: 答复: [syslog-ng] Need help to send logs to a different server To: swap_project@yahoo.com, "'Syslog-ng users' and developers' mailing list'" <syslog-ng@lists.balabit.hu> Date: Friday, December 5, 2008, 3:23 AM in the client,you can define many remote log server simultaneously.syslog and syslog-ng all support this function. You can find in the manual:)
谢谢!
刘蕊红 |sys|6758
-----邮件原件----- 发件人: syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] 代表 Swapna 发送时间: 2008年12月5日 4:17 收件人: syslog-ng@lists.balabit.hu 主题: [syslog-ng] Need help to send logs to a different server
Hi,
We have syslog-ng configuration as follows:
- There are 50 clients communicating to one log server
- The log server is kept in secured place where nobody have access
- All the logs of 50 clients are coming to the log server and the logs are kept as follow
/var/log/syslog-ng/<client host>/extended.log
We want all the log of each client to relay into a seperate server live. Means the current log file of each host will go to the new server simultaneously as it is going to the central log server.
We can configure a second log server like the existing one. But our requirement is, that all the logs will be received from the central log server not from the client hosts.
Any help is really appreciated.
Thanks
____________________________________________________________________________ __ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html
Hi Mark, Thanks for your reply. I am getting error whatever configuration you had said. May be I need to change our existing configuration again. Here is the central log server configuration I am sending as attachment. Our central log server is already configured with tcp(ip(0.0.0.0) ip and when I am adding the new server to collect the log it is giving error. - I want to add another server (this is needed for some application ) to my central log server which will get all the logs from the central log server. Pl. feel free to correct the log file and send it to me. Thanks again --- On Mon, 12/8/08, Marc Andersen <man@inspektsecurity.com> wrote:
From: Marc Andersen <man@inspektsecurity.com> Subject: Re: [syslog-ng] 答复: Need help to send logs to a different server To: "Syslog-ng users' and developers' mailing list" <syslog-ng@lists.balabit.hu> Date: Monday, December 8, 2008, 8:04 AM If the central syslog server is running syslog-ng you can just add another destination (live log server) to the already existing local files.
log{ source (udp/tcp incoming); destination(new live log server); };
cheers /Marc
On 07/12/08 16.03, "Lavannya" <swap_project@yahoo.com> wrote:
Yes , from the client we can , but I think if you read my mail properly, I clearly written that my requirement is NOT, to get the logs from the client. I want to set one server , which will get all the information from the central log master. Yes , I know it can be done through ssh/rsync. But I wanted to know , if there is any option in syslog-ng .
Thanks
--- On Fri, 12/5/08, liuruihong <liuruihong@baidu.com> wrote:
From: liuruihong <liuruihong@baidu.com> Subject: 答复: [syslog-ng] Need help to send logs to a different server To: swap_project@yahoo.com, "'Syslog-ng users' and developers' mailing list'" <syslog-ng@lists.balabit.hu> Date: Friday, December 5, 2008, 3:23 AM in the client,you can define many remote log server simultaneously.syslog and syslog-ng all support this function. You can find in the manual:)
谢谢!
刘蕊红 |sys|6758
-----邮件原件----- 发件人: syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] 代表 Swapna 发送时间: 2008年12月5日 4:17 收件人: syslog-ng@lists.balabit.hu 主题: [syslog-ng] Need help to send logs to a different server
Hi,
We have syslog-ng configuration as follows:
- There are 50 clients communicating to one log server
- The log server is kept in secured place where nobody have access
- All the logs of 50 clients are coming to the log server and the logs are kept as follow
/var/log/syslog-ng/<client host>/extended.log
We want all the log of each client to relay into a seperate server live. Means the current log file of each host will go to the new server simultaneously as it is going to the central log server.
We can configure a second log server like the existing one. But our requirement is, that all the logs will be received from the central log server not from the client hosts.
Any help is really appreciated.
Thanks
____________________________________________________________________________
__ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation:
http://www.balabit.com/support/documentation/?product=syslog-ng
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html
Yeah. What I wrote was pseudo-code. What is in the attached conf file should work (barring typos and the ever persistent challenge of parenthesis and semicolons) cheers /Marc On 08/12/08 19.18, "Lavannya" <swap_project@yahoo.com> wrote: Hi Mark, Thanks for your reply. I am getting error whatever configuration you had said. May be I need to change our existing configuration again. Here is the central log server configuration I am sending as attachment. Our central log server is already configured with tcp(ip(0.0.0.0) ip and when I am adding the new server to collect the log it is giving error. - I want to add another server (this is needed for some application ) to my central log server which will get all the logs from the central log server. Pl. feel free to correct the log file and send it to me. Thanks again --- On Mon, 12/8/08, Marc Andersen <man@inspektsecurity.com> wrote:
From: Marc Andersen <man@inspektsecurity.com> Subject: Re: [syslog-ng] 答复: Need help to send logs to a different server To: "Syslog-ng users' and developers' mailing list" <syslog-ng@lists.balabit.hu> Date: Monday, December 8, 2008, 8:04 AM If the central syslog server is running syslog-ng you can just add another destination (live log server) to the already existing local files.
log{ source (udp/tcp incoming); destination(new live log server); };
cheers /Marc
On 07/12/08 16.03, "Lavannya" <swap_project@yahoo.com> wrote:
Yes , from the client we can , but I think if you read my mail properly, I clearly written that my requirement is NOT, to get the logs from the client. I want to set one server , which will get all the information from the central log master. Yes , I know it can be done through ssh/rsync. But I wanted to know , if there is any option in syslog-ng .
Thanks
--- On Fri, 12/5/08, liuruihong <liuruihong@baidu.com> wrote:
From: liuruihong <liuruihong@baidu.com> Subject: 答复: [syslog-ng] Need help to send logs to a different server To: swap_project@yahoo.com, "'Syslog-ng users' and developers' mailing list'" <syslog-ng@lists.balabit.hu> Date: Friday, December 5, 2008, 3:23 AM in the client,you can define many remote log server simultaneously.syslog and syslog-ng all support this function. You can find in the manual:)
谢谢!
刘蕊红 |sys|6758
-----邮件原件----- 发件人: syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] 代表 Swapna 发送时间: 2008年12月5日 4:17 收件人: syslog-ng@lists.balabit.hu 主题: [syslog-ng] Need help to send logs to a different server
Hi,
We have syslog-ng configuration as follows:
- There are 50 clients communicating to one log server
- The log server is kept in secured place where nobody have access
- All the logs of 50 clients are coming to the log server and the logs are kept as follow
/var/log/syslog-ng/<client host>/extended.log
We want all the log of each client to relay into a seperate server live. Means the current log file of each host will go to the new server simultaneously as it is going to the central log server.
We can configure a second log server like the existing one. But our requirement is, that all the logs will be received from the central log server not from the client hosts.
Any help is really appreciated.
Thanks
____________________________________________________________________________
__ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation:
http://www.balabit.com/support/documentation/?product=syslog-ng
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html
Hi, The f_everthing filter matches on all logs so it is redundant, you could omit it (using filters is optional in the log sections). To forward the logs to a second server the easiest would be to add the host to the everything destination like this: destination everything { file("/var/log/remotes/$HOST/$HOST-all-system.logs"); }; tcp(1.2.3.4 port(5)); }; Obviously replace the IP address and the port with valid values, and when the second server doesn't support tcp then you should use udp. BTW you should add the log_prefix option to your kernel source to mimic syslogd's behaviour: file("/proc/kmsg" log_prefix("kernel: ")); hth, Sandor
-----Original Message----- From: syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] On Behalf Of Lavannya Sent: Monday, December 08, 2008 7:18 PM To: Syslog-ng users' and developers' mailing list Subject: Re: [syslog-ng] 答复: Need help to send logs to a different server
Hi Mark,
Thanks for your reply. I am getting error whatever configuration you had said. May be I need to change our existing configuration again. Here is the central log server configuration I am sending as attachment. Our central log server is already configured with tcp(ip(0.0.0.0) ip and when I am adding the new server to collect the log it is giving error.
- I want to add another server (this is needed for some application ) to my central log server which will get all the logs from the central log server.
Pl. feel free to correct the log file and send it to me.
Thanks again
--- On Mon, 12/8/08, Marc Andersen <man@inspektsecurity.com> wrote:
From: Marc Andersen <man@inspektsecurity.com> Subject: Re: [syslog-ng] 答复: Need help to send logs to a different server To: "Syslog-ng users' and developers' mailing list" <syslog-ng@lists.balabit.hu> Date: Monday, December 8, 2008, 8:04 AM If the central syslog server is running syslog-ng you can just add another destination (live log server) to the already existing local files.
log{ source (udp/tcp incoming); destination(new live log server); };
cheers /Marc
On 07/12/08 16.03, "Lavannya" <swap_project@yahoo.com> wrote:
Yes , from the client we can , but I think if you read my mail properly, I clearly written that my requirement is NOT, to get the logs from the client. I want to set one server , which will get all the information from the central log master. Yes , I know it can be done through ssh/rsync. But I wanted to know , if there is any option in syslog-ng .
Thanks
--- On Fri, 12/5/08, liuruihong <liuruihong@baidu.com> wrote:
From: liuruihong <liuruihong@baidu.com> Subject: 答复: [syslog-ng] Need help to send logs to a different server To: swap_project@yahoo.com, "'Syslog-ng users' and developers' mailing list'" <syslog-ng@lists.balabit.hu> Date: Friday, December 5, 2008, 3:23 AM in the client,you can define many remote log server simultaneously.syslog and syslog-ng all support this function. You can find in the manual:)
谢谢!
刘蕊红 |sys|6758
-----邮件原件----- 发件人: syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] 代表 Swapna 发送时间: 2008年12月5日 4:17 收件人: syslog-ng@lists.balabit.hu 主题: [syslog-ng] Need help to send logs to a different server
Hi,
We have syslog-ng configuration as follows:
- There are 50 clients communicating to one log server
- The log server is kept in secured place where nobody have access
- All the logs of 50 clients are coming to the log server and the logs are kept as follow
/var/log/syslog-ng/<client host>/extended.log
We want all the log of each client to relay into a seperate server live. Means the current log file of each host will go to the new server simultaneously as it is going to the central log server.
We can configure a second log server like the existing one. But our requirement is, that all the logs will be received from the central log server not from the client hosts.
Any help is really appreciated.
Thanks
______________________________________________________________ ______________
__ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation:
http://www.balabit.com/support/documentation/?product=syslog-ng
______________________________________________________________ ________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html
______________________________________________________________ ________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html
-------------------------------------------------------- NOTICE: If received in error, please destroy and notify sender. Sender does not intend to waive confidentiality or privilege. Use of this email is prohibited when received in error.
Thanks to both of you. I have configured our existing log master , following both of your advice seperately. But the server where I am trying to forward the logs is not listening the port I am mentioning. I tested as follows: 1. I took a server where syslog-ng is not at all installe. checked, but did not find any log which is being forwarded by the central log master 2.. Took one server which is already a client , and syslog-ng is installed already as it is a client server. In that server also did not find any logs which is being forwarded by the central log master. In both the servers where I tested, iptables is turned off. Moreover found, that the central log master is broken too. Pl. guide me more where ,i am missing for this configuration. Thanks again --- On Tue, 12/9/08, Geller, Sandor (IT) <Sandor.Geller@morganstanley.com> wrote:
From: Geller, Sandor (IT) <Sandor.Geller@morganstanley.com> Subject: Re: [syslog-ng] 答复: Need help to send logs to a different server To: "Syslog-ng users' and developers' mailing list" <syslog-ng@lists.balabit.hu> Date: Tuesday, December 9, 2008, 3:22 AM Hi,
The f_everthing filter matches on all logs so it is redundant, you could omit it (using filters is optional in the log sections).
To forward the logs to a second server the easiest would be to add the host to the everything destination like this:
destination everything {
file("/var/log/remotes/$HOST/$HOST-all-system.logs"); }; tcp(1.2.3.4 port(5)); };
Obviously replace the IP address and the port with valid values, and when the second server doesn't support tcp then you should use udp.
BTW you should add the log_prefix option to your kernel source to mimic syslogd's behaviour:
file("/proc/kmsg" log_prefix("kernel: "));
hth,
Sandor
-----Original Message----- From: syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] On Behalf Of Lavannya Sent: Monday, December 08, 2008 7:18 PM To: Syslog-ng users' and developers' mailing list Subject: Re: [syslog-ng] 答复: Need help to send logs to a different server
Hi Mark,
Thanks for your reply. I am getting error whatever configuration you had said. May be I need to change our existing configuration again. Here is the central log server configuration I am sending as attachment. Our central log server is already configured with tcp(ip(0.0.0.0) ip and when I am adding the new server to collect the log it is giving error.
- I want to add another server (this is needed for some application ) to my central log server which will get all the logs from the central log server.
Pl. feel free to correct the log file and send it to me.
Thanks again
--- On Mon, 12/8/08, Marc Andersen <man@inspektsecurity.com> wrote:
From: Marc Andersen <man@inspektsecurity.com> Subject: Re: [syslog-ng] 答复: Need help to send logs to a different server To: "Syslog-ng users' and developers' mailing list" <syslog-ng@lists.balabit.hu> Date: Monday, December 8, 2008, 8:04 AM If the central syslog server is running syslog-ng you can just add another destination (live log server) to the already existing local files.
log{ source (udp/tcp incoming); destination(new live log server); };
cheers /Marc
On 07/12/08 16.03, "Lavannya" <swap_project@yahoo.com> wrote:
Yes , from the client we can , but I think if you read my mail properly, I clearly written that my requirement is NOT, to get the logs from the client. I want to set one server , which will get all the information from the central log master. Yes , I know it can be done through ssh/rsync. But I wanted to know , if there is any option in syslog-ng .
Thanks
--- On Fri, 12/5/08, liuruihong <liuruihong@baidu.com> wrote:
From: liuruihong <liuruihong@baidu.com> Subject: 答复: [syslog-ng] Need help to send logs to a different server To: swap_project@yahoo.com, "'Syslog-ng users' and developers' mailing list'" <syslog-ng@lists.balabit.hu> Date: Friday, December 5, 2008, 3:23 AM in the client,you can define many remote log server simultaneously.syslog and syslog-ng all support this function. You can find in the manual:)
谢谢!
刘蕊红 |sys|6758
-----邮件原件----- 发件人: syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] 代表 Swapna 发送时间: 2008年12月5日 4:17 收件人: syslog-ng@lists.balabit.hu 主题: [syslog-ng] Need help to send logs to a different server
Hi,
We have syslog-ng configuration as follows:
- There are 50 clients communicating to one log server
- The log server is kept in secured place where nobody have access
- All the logs of 50 clients are coming to the log server and the logs are kept as follow
/var/log/syslog-ng/<client host>/extended.log
We want all the log of each client to relay into a seperate server live. Means the current log file of each host will go to the new server simultaneously as it is going to the central log server.
We can configure a second log server like the existing one. But our requirement is, that all the logs will be received from the central log server not from the client hosts.
Any help is really appreciated.
Thanks
______________________________________________________________
______________
__ Member info:
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation:
http://www.balabit.com/support/documentation/?product=syslog-ng
______________________________________________________________
________________
Member info:
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation:
http://www.balabit.com/support/documentation/?product=syslog-ng
______________________________________________________________
________________
Member info:
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation:
http://www.balabit.com/support/documentation/?product=syslog-ng
--------------------------------------------------------
NOTICE: If received in error, please destroy and notify sender. Sender does not intend to waive confidentiality or privilege. Use of this email is prohibited when received in error. ______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html
Hi Install syslog-ng on the new server. Copy the syslog-ng.conf from the master server to the new server and use that. Add the information we have given you to the master server. Now you have ‘two’ master servers where on is forwarding everything to the other. /Marc On 09/12/08 18.04, "Lavannya" <swap_project@yahoo.com> wrote: Thanks to both of you. I have configured our existing log master , following both of your advice seperately. But the server where I am trying to forward the logs is not listening the port I am mentioning. I tested as follows: 1. I took a server where syslog-ng is not at all installe. checked, but did not find any log which is being forwarded by the central log master 2.. Took one server which is already a client , and syslog-ng is installed already as it is a client server. In that server also did not find any logs which is being forwarded by the central log master. In both the servers where I tested, iptables is turned off. Moreover found, that the central log master is broken too. Pl. guide me more where ,i am missing for this configuration. Thanks again --- On Tue, 12/9/08, Geller, Sandor (IT) <Sandor.Geller@morganstanley.com> wrote:
From: Geller, Sandor (IT) <Sandor.Geller@morganstanley.com> Subject: Re: [syslog-ng] 答复: Need help to send logs to a different server To: "Syslog-ng users' and developers' mailing list" <syslog-ng@lists.balabit.hu> Date: Tuesday, December 9, 2008, 3:22 AM Hi,
The f_everthing filter matches on all logs so it is redundant, you could omit it (using filters is optional in the log sections).
To forward the logs to a second server the easiest would be to add the host to the everything destination like this:
destination everything {
file("/var/log/remotes/$HOST/$HOST-all-system.logs"); }; tcp(1.2.3.4 port(5)); };
Obviously replace the IP address and the port with valid values, and when the second server doesn't support tcp then you should use udp.
BTW you should add the log_prefix option to your kernel source to mimic syslogd's behaviour:
file("/proc/kmsg" log_prefix("kernel: "));
hth,
Sandor
-----Original Message----- From: syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] On Behalf Of Lavannya Sent: Monday, December 08, 2008 7:18 PM To: Syslog-ng users' and developers' mailing list Subject: Re: [syslog-ng] 答复: Need help to send logs to a different server
Hi Mark,
Thanks for your reply. I am getting error whatever configuration you had said. May be I need to change our existing configuration again. Here is the central log server configuration I am sending as attachment. Our central log server is already configured with tcp(ip(0.0.0.0) ip and when I am adding the new server to collect the log it is giving error.
- I want to add another server (this is needed for some application ) to my central log server which will get all the logs from the central log server.
Pl. feel free to correct the log file and send it to me.
Thanks again
--- On Mon, 12/8/08, Marc Andersen <man@inspektsecurity.com> wrote:
From: Marc Andersen <man@inspektsecurity.com> Subject: Re: [syslog-ng] 答复: Need help to send logs to a different server To: "Syslog-ng users' and developers' mailing list" <syslog-ng@lists.balabit.hu> Date: Monday, December 8, 2008, 8:04 AM If the central syslog server is running syslog-ng you can just add another destination (live log server) to the already existing local files.
log{ source (udp/tcp incoming); destination(new live log server); };
cheers /Marc
On 07/12/08 16.03, "Lavannya" <swap_project@yahoo.com> wrote:
Yes , from the client we can , but I think if you read my mail properly, I clearly written that my requirement is NOT, to get the logs from the client. I want to set one server , which will get all the information from the central log master. Yes , I know it can be done through ssh/rsync. But I wanted to know , if there is any option in syslog-ng .
Thanks
--- On Fri, 12/5/08, liuruihong <liuruihong@baidu.com> wrote:
From: liuruihong <liuruihong@baidu.com> Subject: 答复: [syslog-ng] Need help to send logs to a different server To: swap_project@yahoo.com, "'Syslog-ng users' and developers' mailing list'" <syslog-ng@lists.balabit.hu> Date: Friday, December 5, 2008, 3:23 AM in the client,you can define many remote log server simultaneously.syslog and syslog-ng all support this function. You can find in the manual:)
谢谢!
刘蕊红 |sys|6758
-----邮件原件----- 发件人: syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] 代表 Swapna 发送时间: 2008年12月5日 4:17 收件人: syslog-ng@lists.balabit.hu 主题: [syslog-ng] Need help to send logs to a different server
Hi,
We have syslog-ng configuration as follows:
- There are 50 clients communicating to one log server
- The log server is kept in secured place where nobody have access
- All the logs of 50 clients are coming to the log server and the logs are kept as follow
/var/log/syslog-ng/<client host>/extended.log
We want all the log of each client to relay into a seperate server live. Means the current log file of each host will go to the new server simultaneously as it is going to the central log server.
We can configure a second log server like the existing one. But our requirement is, that all the logs will be received from the central log server not from the client hosts.
Any help is really appreciated.
Thanks
______________________________________________________________
______________
__ Member info:
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation:
http://www.balabit.com/support/documentation/?product=syslog-ng
______________________________________________________________
________________
Member info:
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation:
http://www.balabit.com/support/documentation/?product=syslog-ng
______________________________________________________________
________________
Member info:
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation:
http://www.balabit.com/support/documentation/?product=syslog-ng
--------------------------------------------------------
NOTICE: If received in error, please destroy and notify sender. Sender does not intend to waive confidentiality or privilege. Use of this email is prohibited when received in error. ______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html
participants (5)
-
Geller, Sandor (IT)
-
Lavannya
-
liuruihong
-
Marc Andersen
-
Swapna