[syslog-ng] connecting to syslog-ng
ac56 at soas.ac.uk
Fri Sep 22 19:20:48 CEST 2006
Torsten Curdt <tcurdt at vafer.org> [20060922 15:42:09 +0200]:
> >> Basically I want only to connect to those machines running syslog-ng
> >> in certain situations. Like
> >> ssh root at machine tail -f /var/log/messages
> >> ...without the need for a ssh account
> >what do you think are the advantages are to avoiding ssh?
> Deployment and security related. Just no option to give ssh access to
> dozens of developers just to read the logs. Those machines are as
> locked up as possible.
Well I helped in adding multicast logging support to syslog-ng for two
1. makes for an effective and very easy way to have a cluster logging system
2. you can 'tune in' to the logging messages you want from anywhere
I think its the latter that you would be interested in particularly.
Although I have multicast logging setup here at work I have yett to get
around to write the 'tuning in' perl script that will stream the logs to the
local machine, so what you would type on the developer machines is:
$ ./syslog-mc.pl 184.108.40.206 514 | grep cheese
which would display live all the lines with cheese that are being streamed to
the multicast address 220.127.116.11 (port 514).
If you grovel suitably I'll get around to writing the tuning in script
sooner rather than later ;)
Is this what you are after? syslog-ng would still run on the logging box but
you would broadcast to multicast groups your streams.
 its easy enough, I have all the multicast perl joining functions written
already that I used for other work related multicast projects
> syslog-ng maillist - syslog-ng at lists.balabit.hu
> Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
More information about the syslog-ng