[syslog-ng] connecting to syslog-ng

Alexander Clouter ac56 at soas.ac.uk
Fri Sep 22 19:20:48 CEST 2006


Torsten Curdt <tcurdt at vafer.org> [20060922 15:42:09 +0200]:
> [snipped]
> >> Basically I want only to connect to those machines running syslog-ng
> >> in certain situations. Like
> >>
> >>   ssh root at machine tail -f /var/log/messages
> >>
> >> ...without the need for a ssh account
> >
> >what do you think are the advantages are to avoiding ssh?
> Deployment and security related. Just no option to give ssh access to
> dozens of developers just to read the logs. Those machines are as
> locked up as possible.
Well I helped in adding multicast logging support to syslog-ng for two 

1. makes for an effective and very easy way to have a cluster logging system
2. you can 'tune in' to the logging messages you want from anywhere

I think its the latter that you would be interested in particularly.  
Although I have multicast logging setup here at work I have yett to get 
around to write the 'tuning in' perl script that will stream the logs to the 
local machine, so what you would type on the developer machines is:

$ ./syslog-mc.pl 514 | grep cheese

which would display live all the lines with cheese that are being streamed to 
the multicast address (port 514).

If you grovel suitably I'll get around to writing[1] the tuning in script 
sooner rather than later ;) 

Is this what you are after?  syslog-ng would still run on the logging box but 
you would broadcast to multicast groups your streams.



[1] its easy enough, I have all the multicast perl joining functions written 
	already that I used for other work related multicast projects

> cheers
> --
> Torsten
> _______________________________________________
> syslog-ng maillist  -  syslog-ng at lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Frequently asked questions at http://www.campin.net/syslog-ng/faq.html

More information about the syslog-ng mailing list