[syslog-ng] Re: Need help to send logs to a different server

Marc Andersen man at inspektsecurity.com
Thu Dec 11 14:13:40 CET 2008


Hi

Install syslog-ng on the new server.
Copy the syslog-ng.conf from the master server to the new server and use that.

Add the information we have given you to the master server.

Now you have ‘two’ master servers where one is forwarding everything to the other.

/Marc
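
The setup Marc describes above, written out as a pair of syslog-ng configurations; this is an added example, not configuration posted in the thread. The source and destination names, the address 192.0.2.10, port 514 and the options blocks are assumptions; only the file path comes from the thread.

```conf
# ---- syslog-ng.conf on the existing central log master (relay) ----
options {
    keep_hostname(yes);     # keep the hostname each client put in its message
    chain_hostnames(no);    # do not rewrite $HOST into a relay chain
};

source s_clients {
    # listeners the clients already send to (assumed address and port)
    tcp(ip(0.0.0.0) port(514));
    udp(ip(0.0.0.0) port(514));
};

destination d_files {
    file("/var/log/remotes/$HOST/$HOST-all-system.logs");
};

destination d_second {
    # the new server; constructed documentation address, replace with a real one
    tcp("192.0.2.10" port(514));
};

log {
    source(s_clients);
    destination(d_files);    # keep writing the local per-host files
    destination(d_second);   # and forward every message live
};

# ---- syslog-ng.conf on the new (second) server ----
# Nothing is received unless syslog-ng runs here with a listening source
# on the same protocol and port that d_second on the master points at.
options {
    keep_hostname(yes);     # otherwise $HOST becomes the master's name
    chain_hostnames(no);
    create_dirs(yes);       # create the per-host directories on first write
};

source s_master {
    tcp(ip(0.0.0.0) port(514));
};

destination d_files {
    file("/var/log/remotes/$HOST/$HOST-all-system.logs");
};

log { source(s_master); destination(d_files); };
```

A listening socket on the chosen port on the second server (visible in `netstat -ltn`) confirms its source is active before the relay is tested from the master.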


On 09/12/08 18.04, "Lavannya" <swap_project at yahoo.com> wrote:

Thanks to both of you.

I have configured our existing log master, following both of your advice separately. But the server where I am trying to forward the logs
is not listening on the port I am mentioning.

I tested as follows:

       1.   I took a server where syslog-ng is not installed at all.
            I checked, but did not find any log which is being forwarded
            by the central log master.

       2.   Took one server which is already a client, and
            syslog-ng is installed already as it is a client server.
            In that server also I did not find any logs which are being
            forwarded by the central log master.

In both the servers where I tested, iptables is turned off. Moreover I found that the central log master is broken too.

Please guide me more on what I am missing for this configuration.

Thanks again


--- On Tue, 12/9/08, Geller, Sandor (IT) <Sandor.Geller at morganstanley.com> wrote:

> From: Geller, Sandor (IT) <Sandor.Geller at morganstanley.com>
> Subject: Re: [syslog-ng] Re: Need help to send logs to a different server
> To: "Syslog-ng users' and developers' mailing list" <syslog-ng at lists.balabit.hu>
> Date: Tuesday, December 9, 2008, 3:22 AM
> Hi,
>
> The f_everthing filter matches on all logs so it is redundant,
> you could omit it (using filters is optional in the log sections).
>
> To forward the logs to a second server the easiest would be to
> add the host to the everything destination like this:
>
> destination everything {
>         file("/var/log/remotes/$HOST/$HOST-all-system.logs");
>         tcp("1.2.3.4" port(5));
> };
>
> Obviously replace the IP address and the port with valid values,
> and when the second server doesn't support tcp then you should
> use udp.
>
> BTW you should add the log_prefix option to your kernel source
> to mimic syslogd's behaviour:
>
>         file("/proc/kmsg" log_prefix("kernel: "));
>
> hth,
>
> Sandor
>
> > -----Original Message-----
> > From: syslog-ng-bounces at lists.balabit.hu
> > [mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of Lavannya
> > Sent: Monday, December 08, 2008 7:18 PM
> > To: Syslog-ng users' and developers' mailing list
> > Subject: Re: [syslog-ng] Re: Need help to send logs to a different server
> >
> > Hi Mark,
> >
> > Thanks for your reply. I am getting an error with whatever
> > configuration you had said. Maybe I need to change our
> > existing configuration again. Here is the central log
> > server configuration I am sending as attachment. Our central
> > log server is already configured with tcp(ip(0.0.0.0) ip
> > and when I am adding the new server to collect the log it
> > is giving an error.
> >
> >   - I want to add another server (this is needed for some
> >     application) to my central log server which will
> >     get all the logs from the central log server.
> >
> > Pl. feel free to correct the log file and send it to me.
> >
> > Thanks again
> >
> > --- On Mon, 12/8/08, Marc Andersen <man at inspektsecurity.com> wrote:
> >
> > > From: Marc Andersen <man at inspektsecurity.com>
> > > Subject: Re: [syslog-ng] Re: Need help to send logs to a different server
> > > To: "Syslog-ng users' and developers' mailing list" <syslog-ng at lists.balabit.hu>
> > > Date: Monday, December 8, 2008, 8:04 AM
> > > If the central syslog server is running syslog-ng you can
> > > just add another destination (live log server) to the
> > > already existing local files.
> > >
> > > log{
> > > source (udp/tcp incoming);
> > > destination(new live log server);
> > > };
> > >
> > > cheers
> > > /Marc
> > >
> > >
> > > On 07/12/08 16.03, "Lavannya" <swap_project at yahoo.com> wrote:
> > >
> > > Yes, from the client we can, but I think if you read
> > > my mail properly, I clearly wrote that my requirement is
> > > NOT to get the logs from the client. I want to set one
> > > server, which will get all the information from the
> > > central log master. Yes, I know it can be done through
> > > ssh/rsync. But I wanted to know if there is any option in
> > > syslog-ng.
> > >
> > > Thanks
> > >
> > >
> > >
> > > --- On Fri, 12/5/08, liuruihong <liuruihong at baidu.com> wrote:
> > >
> > > > From: liuruihong <liuruihong at baidu.com>
> > > > Subject: Re: [syslog-ng] Need help to send logs to a different server
> > > > To: swap_project at yahoo.com, "'Syslog-ng users' and developers' mailing list'" <syslog-ng at lists.balabit.hu>
> > > > Date: Friday, December 5, 2008, 3:23 AM
> > > > In the client, you can define many remote log servers
> > > > simultaneously. syslog and syslog-ng both support this function.
> > > > You can find it in the manual :)
> > > >
> > > >
> > > > Thank you!
> > > >
> > > > 刘蕊红 |sys|6758
> > > >
> > > > -----Original Message-----
> > > > From: syslog-ng-bounces at lists.balabit.hu
> > > > [mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of Swapna
> > > > Sent: December 5, 2008 4:17
> > > > To: syslog-ng at lists.balabit.hu
> > > > Subject: [syslog-ng] Need help to send logs to a different server
> > > >
> > > > Hi,
> > > >
> > > > We have syslog-ng configuration as follows:
> > > >
> > > >    -  There are 50 clients communicating to one log server
> > > >
> > > >    -  The log server is kept in a secured place where nobody
> > > >       has access
> > > >
> > > >    -  All the logs of the 50 clients are coming to the log
> > > >       server and the logs are kept as follows
> > > >
> > > >           /var/log/syslog-ng/<client host>/extended.log
> > > >
> > > > We want all the logs of each client to relay into a
> > > > separate server live. That means the current log file of each host
> > > > will go to the new server simultaneously as it is going to the
> > > > central log server.
> > > >
> > > > We can configure a second log server like the existing
> > > > one. But our requirement is that all the logs will be received
> > > > from the central log server, not from the client hosts.
> > > >
> > > > Any help is really appreciated.
> > > >
> > > > Thanks
> > > >
> > > > ______________________________________________________________________________
> > > > Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> > > > Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> > > > FAQ: http://www.campin.net/syslog-ng/faq.html