[syslog-ng] Re: Need help to send logs to a different server
Lavannya
swap_project at yahoo.com
Tue Dec 9 18:04:46 CET 2008
Thanks to both of you.
I have configured our existing log master, following both of your advice separately. But the server where I am trying to forward the logs is not listening on the port I am mentioning.
I tested as follows:
1. I took a server where syslog-ng is not installed at all. I checked, but did not find any log being forwarded by the central log master.
2. I took one server which is already a client, and syslog-ng is already installed as it is a client server. On that server I also did not find any logs being forwarded by the central log master.
In both the servers where I tested, iptables is turned off. Moreover, I found that the central log master is broken too.
Please guide me on what I am missing in this configuration.
Thanks again
--- On Tue, 12/9/08, Geller, Sandor (IT) <Sandor.Geller at morganstanley.com> wrote:
> From: Geller, Sandor (IT) <Sandor.Geller at morganstanley.com>
> Subject: Re: [syslog-ng] Re: Need help to send logs to a different server
> To: "Syslog-ng users' and developers' mailing list" <syslog-ng at lists.balabit.hu>
> Date: Tuesday, December 9, 2008, 3:22 AM
> Hi,
>
> The f_everthing filter matches on all logs so it is redundant,
> you could omit it (using filters is optional in the log sections).
>
> To forward the logs to a second server the easiest would be to
> add the host to the everything destination like this:
>
> destination everything {
>     file("/var/log/remotes/$HOST/$HOST-all-system.logs");
>     tcp("1.2.3.4" port(5));
> };
>
> Obviously replace the IP address and the port with valid values,
> and when the second server doesn't support tcp then you should
> use udp.
>
> BTW you should add the log_prefix option to your kernel source
> to mimic syslogd's behaviour:
>
> file("/proc/kmsg" log_prefix("kernel: "));
>
> hth,
>
> Sandor
>
> > -----Original Message-----
> > From: syslog-ng-bounces at lists.balabit.hu
> > [mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of Lavannya
> > Sent: Monday, December 08, 2008 7:18 PM
> > To: Syslog-ng users' and developers' mailing list
> > Subject: Re: [syslog-ng] Re: Need help to send logs to a different server
> >
> > Hi Mark,
> >
> > Thanks for your reply. I am getting an error with whatever
> > configuration you had said. Maybe I need to change our
> > existing configuration again. Here is the central log
> > server configuration I am sending as attachment. Our central
> > log server is already configured with tcp(ip(0.0.0.0) ip
> > and when I am adding the new server to collect the log it
> > is giving an error.
> >
> > - I want to add another server (this is needed for some
> > application) to my central log server which will
> > get all the logs from the central log server.
> >
> > Please feel free to correct the log file and send it to me.
> >
> > Thanks again
> >
> > --- On Mon, 12/8/08, Marc Andersen <man at inspektsecurity.com> wrote:
> >
> > > From: Marc Andersen <man at inspektsecurity.com>
> > > Subject: Re: [syslog-ng] Re: Need help to send logs to a different server
> > > To: "Syslog-ng users' and developers' mailing list" <syslog-ng at lists.balabit.hu>
> > > Date: Monday, December 8, 2008, 8:04 AM
> > > If the central syslog server is running syslog-ng you can
> > > just add another destination (live log server) to the
> > > already existing local files.
> > >
> > > log {
> > >     source(s_incoming);      # placeholder name: the existing udp/tcp incoming source
> > >     destination(d_livelog);  # placeholder name: the new live log server
> > > };
> > >
> > > cheers
> > > /Marc
> > >
> > >
> > > On 07/12/08 16.03, "Lavannya" <swap_project at yahoo.com> wrote:
> > >
> > > Yes, from the client we can, but I think if you read
> > > my mail properly, I clearly wrote that my requirement is
> > > NOT to get the logs from the client. I want to set up one
> > > server, which will get all the information from the
> > > central log master. Yes, I know it can be done through
> > > ssh/rsync. But I wanted to know if there is any option in
> > > syslog-ng.
> > >
> > > Thanks
> > >
> > >
> > >
> > > --- On Fri, 12/5/08, liuruihong <liuruihong at baidu.com> wrote:
> > >
> > > > From: liuruihong <liuruihong at baidu.com>
> > > > Subject: Re: [syslog-ng] Need help to send logs to a different server
> > > > To: swap_project at yahoo.com, "'Syslog-ng users' and developers' mailing list'" <syslog-ng at lists.balabit.hu>
> > > > Date: Friday, December 5, 2008, 3:23 AM
> > > > In the client, you can define many remote log servers
> > > > simultaneously. syslog and syslog-ng both support this function.
> > > > You can find it in the manual :)
> > > >
> > > >
> > > > Thank you!
> > > >
> > > > 刘蕊红 |sys|6758
> > > >
> > > > -----Original Message-----
> > > > From: syslog-ng-bounces at lists.balabit.hu
> > > > [mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of Swapna
> > > > Sent: December 5, 2008 4:17
> > > > To: syslog-ng at lists.balabit.hu
> > > > Subject: [syslog-ng] Need help to send logs to a different server
> > > >
> > > > Hi,
> > > >
> > > > We have syslog-ng configuration as follows:
> > > >
> > > > - There are 50 clients communicating to one log server
> > > >
> > > > - The log server is kept in a secured place where nobody has access
> > > >
> > > > - All the logs of the 50 clients are coming to the log server and
> > > >   the logs are kept as follows:
> > > >
> > > >   /var/log/syslog-ng/<client host>/extended.log
> > > >
> > > > We want all the logs of each client to relay into a
> > > > separate server live. This means the current log file of each host
> > > > will go to the new server simultaneously as it is going to the
> > > > central log server.
> > > >
> > > > We can configure a second log server like the existing
> > > > one. But our requirement is that all the logs will be received from
> > > > the central log server, not from the client hosts.
> > > >
> > > > Any help is really appreciated.
> > > >
> > > > Thanks
> > > >
> > > > ______________________________________________________________________________
> > > > Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> > > > Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> > > > FAQ: http://www.campin.net/syslog-ng/faq.html
> --------------------------------------------------------
>
> NOTICE: If received in error, please destroy and notify
> sender. Sender does not intend to waive confidentiality or
> privilege. Use of this email is prohibited when received in
> error.
> ______________________________________________________________________________
> Member info:
> https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.campin.net/syslog-ng/faq.html
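
The relay setup discussed in this thread, written out for both machines as an added example (it is not the attached configuration or any list member's own config). The names `s_net`, `d_files`, `d_relay`, `s_from_master` and `d_live`, the address 192.0.2.10 and port 514 are placeholders; the file path is the one given in the original question.

```conf
# ===== File 1: syslog-ng.conf on the central log master =====
options {
    keep_hostname(yes);    # keep the client's host name so $HOST is the client
    chain_hostnames(no);
    create_dirs(yes);      # create /var/log/syslog-ng/<client host>/ on demand
};

# Listener the clients already send to.
source s_net {
    tcp(ip(0.0.0.0) port(514));
    udp(ip(0.0.0.0) port(514));
};

# Existing per-client files on the master.
destination d_files {
    file("/var/log/syslog-ng/$HOST/extended.log");
};

# New: live copy to the second server (placeholder address and port).
destination d_relay {
    tcp("192.0.2.10" port(514));
};

# One log path, two destinations: every message is written locally
# and forwarded at the same time.
log {
    source(s_net);
    destination(d_files);
    destination(d_relay);
};

# ===== File 2: syslog-ng.conf on the second server =====
# keep_hostname(yes) here makes $HOST the original client, not the master.
options { keep_hostname(yes); chain_hostnames(no); create_dirs(yes); };

# This source is what opens the port the master connects to.
source s_from_master { tcp(ip(0.0.0.0) port(514)); };

destination d_live { file("/var/log/syslog-ng/$HOST/extended.log"); };

log { source(s_from_master); destination(d_live); };
```

A `tcp()` destination on the master only makes an outgoing connection; the port is opened by the `tcp()` source on the second server, so a host with no syslog-ng (or other syslog listener) running will not be listening on it. Both files can be checked before a restart with `syslog-ng --syntax-only`.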