[syslog-ng] Basic questions

Ben Russo ben@umialumni.com
11 Nov 2002 17:37:56 -0500


On Mon, 2002-11-11 at 17:00, qian@x85.com wrote:
> I'm new to this mailing list. Here are some basic questions. Any help is appreciated.
> 
> Q1. If I want to set up a centralized log server, do I need to run your version of syslogd (syslog-ng) on the log server only, or do all the clients need that version too?
> 

You *could* run it on all the servers or none of the servers.
The standard UNIX syslog daemon can run as a daemon to accept incoming 
syslog messages.  However, it is very limited and not very flexible.

>
> Q2. To save logs from different hosts to their own files, one needs to specify this:
>  
>   destination host ( file("/var/log/$HOST/....") )
>  
> in /etc/syslog.conf only on the log server?
> 

Well, the default location would be syslog-ng.conf in whatever directory
you have the binary compiled to look for it, not syslog.conf.
But yeah, you could have incoming syslog messages sorted into different
directories by hostname of the sender with that.

> 
> Q3. If I use a relay server, so that logs generated on host1 are relayed through host2 to the log server, is it recorded as host2 or host1 or host1/host2 depending on the option of keep_hostname/chain_hostname? What I want is to preserve the original host (host1); how do I do it?
> 

Stick syslog-ng on the relay server, it won't lose the names of the
original.  (That is a major downside of using standard UNIX syslogd.)

BTW:
	http://www.muppethouse.com/~ben/
has a link to a document I prepared on how to do syslogs to a database
for easy perusal.  I also recently did a really easy install of
phpPGadmin into my Apache server on the syslog-ng central database,
makes generating and storing ad-hoc queries very easy.

-Ben.
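
A configuration sketch of the relay setup discussed in Q2 and Q3, added here as an example and not part of the original message. The address 192.0.2.10, the file name `messages`, and the source/destination names are assumptions; the syntax follows classic syslog-ng configuration (newer releases also expect an `@version` line at the top).

```conf
# --- relay (host2): syslog-ng.conf ---
options {
    keep_hostname(yes);    # keep the HOST field already present in a received message
    chain_hostnames(no);   # do not build host1/host2 style chained names
};
source s_net { udp(ip(0.0.0.0) port(514)); };
# 192.0.2.10 is a placeholder for the central log server
destination d_central { udp("192.0.2.10" port(514)); };
log { source(s_net); destination(d_central); };

# --- central log server: syslog-ng.conf ---
options {
    # yes: record the HOST field as forwarded by the relay (host1).
    # no:  HOST is rewritten from the sender address, so every relayed
    #      message would be filed under the relay (host2).
    keep_hostname(yes);
    chain_hostnames(no);
    create_dirs(yes);      # create /var/log/<host>/ when a new host appears
};
source s_net { udp(ip(0.0.0.0) port(514)); };
# $HOST expands per message; "messages" is an assumed file name
destination d_per_host { file("/var/log/$HOST/messages"); };
log { source(s_net); destination(d_per_host); };
```

With `keep_hostname(yes)` the HOST value comes from the message as received, so the per-host directory names are only as trustworthy as the senders allowed to reach the UDP listener; restricting port 514 to the relay and known clients keeps that attribution meaningful.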