How to configure client and host server
Hi,

I am a beginner in Linux and this is the first time I am going to install and configure syslog-ng. So I hope I will get more help from your side, because I am confused while reading the documentation. First of all I want to mention my requirements.

OS:- CentOS 6.9

My Requirements:-

1. We have 20 Apache web servers. We are writing Apache custom logs or PHP application logs in a particular directory, but the directory location is different for Apache logs and PHP application logs. For example, we are writing logs in "/usr/local/apache/logs", and the Apache log format and PHP application log format are mentioned below.

*Apache custom logs format:-* abc_access_2018-05-09.log, abc_error_2018-05-09.log and xyz_access_2018-05-09.log etc.

*PHP application log format:-* hello_vidoes_20180509.txt, world_music_20180509.txt

2. I want to store these logs of the 20 web servers on a centralised server in real time, and we do not want to change the log files and format. Is this possible?

3. I want to make the 20 web servers clients and the centralised server the host server.

Here, I cannot understand from the documentation, so can you provide the configuration for both sides, client and host?

Client IP:- 192.168.122.184
Server IP (centralised):- 192.168.122.61

*Thanks & Regards :-*
*VINOD SINGH SAUD*
*(M):- 09718663552*
*(W):- 09997645597*
*(E) :- vinod.samant.123@gmail.com <vinod.samant.123@gmail.com>*
Please help on this.
"vinod" == vinod samant <vinod.samant.123@gmail.com> writes:
vinod> ---------- Forwarded message ----------

Please allow us some time to write a reply, and be patient. Asking for an update the next morning, and forwarding the message to the list again (adding Gergely Bodnar to the CC) just a few hours after is not going to get you an answer any sooner.

If you require faster answers (with SLAs), or more in-depth guidance, BalaBit offers paid support and/or consultancy services for syslog-ng. See https://syslog-ng.com/support and https://syslog-ng.com/service-delivery, respectively.

Thank you.

-- |8]
Thanks for the reply.

Query:-

1. Should these changes be made in the default configuration file syslog-ng.conf, or do we have to create a new .conf file in the conf.d/ directory?
"vinod" == vinod samant <vinod.samant.123@gmail.com> writes:
vinod> 1. Is these change should on default configuration file syslog-ng.conf or
vinod> we have to create new .conf file on conf.d/ directory ?

These were meant to be complete configuration files, replacing syslog-ng.conf. But feel free to adapt them to any existing configuration.

-- |8]
Hi,

My simple configuration is mentioned below, but I cannot get any logs from client to server. Is this configuration right or not? If I have to make some changes to this configuration file, please suggest. Here I am doing a simple configuration.

OS:- CentOS 6
Client IP:- 192.168.122.21
Server IP:- 192.168.122.67 (central server)

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>Client<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

@version:3.13
@include "scl.conf"

# Local system logs plus syslog-ng's own internal messages
source s_local {
    system();
    internal();
};

# Forward to the central server over UDP port 514
destination d_network {
    udp("192.168.122.67" port(514));
};

destination d_local {
    file("/var/log/messages");
};

log {
    source(s_local);
    destination(d_network);
    destination(d_local);
};

>>>>>>>>>>>>>>>>>>>>>>>>>>Server config<<<<<<<<<<<<<<<<<<<<<<<<<<

@version:3.13
@include "scl.conf"

source s_local {
    system();
    internal();
};

# Listen on the default UDP and TCP syslog ports
source s_network {
    udp();
    tcp();
};

destination d_local {
    file("/var/log/messages");
};

# Everything received from the network goes into one file
destination d_from_net {
    file("/var/log/from_net");
};

log {
    source(s_local);
    destination(d_local);
};

log {
    source(s_network);
    destination(d_from_net);
};

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Please suggest on this.
Hi Vinod,

Do you see any error messages or warnings from syslog-ng on either the client or the server side?

Regards,
Gabor
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq
Hi Gabor,

Now I am getting logs on the server. Now I want to send the clients' Apache logs to the server. Apache creates custom logs at "/usr/local/apache/logs/access_67-2018-05-11.log". Currently logs are created at file("/var/log/from_net"); this location, and all are coming into the from_net file. But now I want to send Apache logs to the server in the same format, like access_67-2018-05-11.log. Then how do I configure it on both sides?
"vinod" == vinod samant <vinod.samant.123@gmail.com> writes:
vinod> 2. I want to store these logs of 20 web servers on a centralised server at
vinod> real time and we do not want to change logs file and format . Is this
vinod> possible?

Yes, it is possible.

vinod> 3. I want to make 20 web server as client server and centralised server (as
vinod> host server).
vinod> Here ,I can not understand from documentation ,So Can you provide the
vinod> configuration for both side client and host side ?

Assuming that you want to store these logs only, and not any other logs, you can find a sample below:

------------------------------ * client * ------------------------------

@version: 3.15

# Follow the Apache access logs; lines are sent as-is, without syslog parsing
source s_apache_logs {
    wildcard-file(
        base-dir("/usr/local/apache/logs")
        filename-pattern("*access*.log")
        flags(no-parse)
    );
};

# Follow the PHP application logs
source s_php_logs {
    wildcard-file(
        base-dir("/usr/local/apache/logs")
        filename-pattern("*.txt")
        flags(no-parse)
    );
};

# Each line goes out as "<file name>,<original line>"
destination d_central {
    network("192.168.122.61" template("$(basename ${FILE_NAME}),${MSG}\n"));
};

log {
    source(s_apache_logs);
    source(s_php_logs);
    destination(d_central);
};

------------------------------ * server * ------------------------------

@version: 3.15

source s_net {
    network(flags(no-parse));
};

# Split "<file name>,<original line>" at the first comma
parser p_apache {
    csv-parser(
        columns("apache.FILE_NAME", "apache.MESSAGE")
        flags(greedy)
    );
};

# Write the original line into a file named after the client's file
destination d_central_apache {
    file("/usr/local/apache/logs/${apache.FILE_NAME}" template("${apache.MESSAGE}\n"));
};

log {
    source(s_net);
    parser(p_apache);
    destination(d_central_apache);
};

------------------------------ * end * ------------------------------

You may need to change these a little, if your PHP logs are not under /usr/local/apache/logs, for example. Or if you want to use TCP instead of UDP, or if you want TLS for transport. If you want to use syslog-ng for other kinds of logs as well, you will need to add that to the configuration as well. Please consult the documentation and numerous HOWTOs available online for hints.

There are other ways to accomplish the same thing, this one is reasonably simple and performant.

-- |8]
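Added example, not part of the thread or of any participant's post: in the server sample above the output path is built from a file name that arrives over an unauthenticated network() source, so the value should be checked before it is used in file(). The variant below adds that check to the same server configuration; the names f_safe_name and d_rejected, the per-sender ${SOURCEIP} subdirectory and the path /var/log/central_rejected.log are assumptions chosen for illustration.

```conf
@version: 3.15

source s_net {
    network(flags(no-parse));
};

parser p_apache {
    csv-parser(
        columns("apache.FILE_NAME", "apache.MESSAGE")
        flags(greedy)
    );
};

# Accept only a bare file name ending in .log or .txt: no "/" and no
# leading dot, so the expanded path cannot leave the log directory.
# Single quotes keep the backslash in the regular expression literal.
filter f_safe_name {
    match('^[A-Za-z0-9_][A-Za-z0-9_.-]*\.(log|txt)$' value("apache.FILE_NAME"));
};

# One subdirectory per sending address (assumption), so identical file
# names from different web servers do not end up in the same file.
destination d_central_apache {
    file("/usr/local/apache/logs/${SOURCEIP}/${apache.FILE_NAME}"
         template("${apache.MESSAGE}\n")
         create-dirs(yes));
};

# Constructed path: lines that fail parsing or the name check are kept
# for review instead of being written under a client-chosen name.
destination d_rejected {
    file("/var/log/central_rejected.log");
};

log {
    source(s_net);
    parser(p_apache);
    filter(f_safe_name);
    destination(d_central_apache);
    flags(final);
};

log {
    source(s_net);
    destination(d_rejected);
};
```

Growth of the rejected file is a useful signal on its own: with correctly configured clients it should stay empty.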
participants (3)
- Gergely Nagy
- Nagy, Gábor
- vinod samant