[syslog-ng]Re: offline mode?
Russell Adams
syslog-ng@lists.balabit.hu
Wed, 25 Aug 2004 16:34:04 -0500
Actually, your laptop wouldn't be a problem.
If you have a dynamic hostname, don't include the hostname in the
path. Your laptop isn't running a syslog-ng server in order to
centralize logs from multiple hosts... So just use
/var/log/yyyy/mm/dd/loglevel.
Then rsync that to a specific hostname directory on your central logserver
(/var/log/HOSTS/hostname).
Issue resolved.
BTW, for reporting from trees of log files, I highly recommend
Logmuncher ( http://www.cs.hmc.edu/~geoff/logmuncher.html ) for
scanning log files. Its got a few features that allow it to grab
messages from recent logs in log trees.
Russell
On Wed, Aug 25, 2004 at 01:56:13PM -0700, Jeremy Mates wrote:
> * Russell Adams <RLAdams@Kelsey-Seybold.com>
> > I'd use a tree style log directory
> > (/var/log/HOSTS/hostname/yyyy/mm/dd/loglevel), and then rsync to your
> > central server when a connection is available.
>
> Agreed, though for laptops using a hostname might be difficult; the
> hostname of my OS X laptop changes quite often. Maybe set a hostname or
> other ID to use via a configuration system instead of using the
> "official" hostname.
>
> > That way you're syncing full files, not one monolithic log file that
> > changes while you read it.
>
> Yes, messages.x rotation does not work at all with rsync.
> _______________________________________________
> syslog-ng maillist - syslog-ng@lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Frequently asked questions at http://www.campin.net/syslog-ng/faq.html