No subject
Mon Jun 16 21:29:23 CEST 2008
Finally returned to work and naturally jumped right on this project. Well I
used the below code, and tried and it's not working. I am not sure on a few
things, but the code below (client / server) are copy/pasted (I do see my
primary logging server address there) so nothing else should need to be
changed.

From what I read, syslog should not be running, so I did stop syslog and
only start syslog-ng, yet on the client side I have the following running;

root 1607 0.0 0.0 6216 904 ? Ss 2008 0:46 syslogd -m 0
root 19596 0.0 0.0 7364 584 ? Ss 14:06 0:00 /sbin/syslog-ng -p /var/run/syslogd.pid

the server has the following process running;

root 18182 0.0 0.0 7368 684 ? Ss 14:06 0:00 /sbin/syslog-ng -p /var/run/syslogd.pid

Now there is a web.log file with a Jan23 date (I think I created it by hand)
but nothing has changed. And... the client machine is still logging
locally. The servers all run 5 websites, I don't think I can break out the
logs separately in the vhost config across to 5 different files, can I?
That's ok as I can parse them later, but right now I am getting nothing on
the server. The vhost logging on the client looks like this;

CustomLog /home/mcp/local/apache2/logs/www.domain.com-access_log combined
ErrorLog /home/mcp/local/apache2/logs/www.domain.com-error_log

Does anything there have to change and/or will the local stop logging?

Thanks again.

On Thu, Jan 29, 2009 at 2:14 AM, Chanchal Verma <cverma2 at csc.com> wrote:
>
> Hi,
>
> Here is modified configuration file for central logging. I have tested it
> working in my environment.
>
> *Server.conf*
>
> #################################################################
> source s_remote { tcp(); };
> ## This will create a separate file for each client on the central log server and log http messages
> destination d_clients { file("/var/adm/web.$HOST.log"); };
> log { source(s_remote); destination(d_clients); };
> #################################################################
>
> options {
> sync (0);
> time_reopen (10);
> log_fifo_size (1000);
> long_hostnames (off);
> use_dns (no);
> use_fqdn (no);
> create_dirs (no);
> keep_hostname (yes);
> };
>
> source s_sys {
> file ("/proc/kmsg" log_prefix("kernel: "));
> unix-stream ("/dev/log");
> internal();
> #udp(ip(0.0.0.0) port(514));
> };
>
> ## This will log local http messages to defined file
> destination send_http_logs { file("/var/log/web.log"); };
>
> filter send_http_logs {
> program("httpd.*");
> };
>
> log {
> source(s_sys);
> filter(send_http_logs);
> destination(send_http_logs);
> };
>
> *Client.conf*
>
> options {
> sync (0);
> time_reopen (10);
>
> log_fifo_size (1000);
> long_hostnames(on);
> use_dns(yes);
> dns_cache(yes);
> use_fqdn(no);
> create_dirs (yes);
> keep_hostname (yes);
> perm(0640);
> dir_perm(0750);
> };
>
> source s_sys {
> file ("/proc/kmsg" log_prefix("kernel: "));
> unix-stream ("/dev/log");
> internal();
> };
> destination send_http_logs { tcp("192.168.2.54" port(514)); };
>
> filter send_http_logs {
> program("httpd.*");
> };
>
> log {
> source(s_sys);
> filter(send_http_logs);
> destination(send_http_logs);
> };
>
>
> Hope this will work for you.
>
> --
> Chanchal
>
> *lance raymond <lance.raymond at gmail.com>*
> Sent by: syslog-ng-bounces at lists.balabit.hu
> 01/29/2009 02:53 AM
> Please respond to: "Syslog-ng users' and developers' mailing list" <syslog-ng at lists.balabit.hu>
> To: syslog-ng at lists.balabit.hu
> cc:
> Subject: [syslog-ng] 1st post on some basic 101 setup
>
> Basic scenario is we have 5 web servers in a cluster which I wish to
> centrally log. I was pointed to syslog-ng and the linuxquestions guys 50+
> readings and not 1 response so found this list and will give it a try.
>
> Basically all the webservers are running FC5, and rpm -qa shows the
> following version;
> syslog-ng-1.6.12-1.fc5
>
> I see some newer versions, not sure if I should/have to, but really just
> want to log the different vhosts apache logs to a central server. I read a
> few diff things a few places, and so far have the following conf files.
>
> *Server.conf*
> options {
> sync (0);
> time_reopen (10);
> log_fifo_size (1000);
> long_hostnames (off);
> use_dns (no);
> use_fqdn (no);
> create_dirs (no);
> keep_hostname (yes);
> };
>
> source s_sys {
> file ("/proc/kmsg" log_prefix("kernel: "));
> unix-stream ("/dev/log");
> internal();
> udp(ip(0.0.0.0) port(514));
> };
>
> destination send_http_logs { file("/var/log/web.log"); };
>
> filter send_http_logs {
> program("httpd.*");
> };
>
> log {
> source(s_sys);
> filter(send_http_logs);
> destination(send_http_logs);
> };
>
> *Client.conf*
>
> options {
> sync (0);
> time_reopen (10);
> log_fifo_size (1000);
> long_hostnames (off);
> use_dns (no);
> use_fqdn (no);
> create_dirs (no);
> keep_hostname (yes);
> };
>
> source s_sys {
> file ("/proc/kmsg" log_prefix("kernel: "));
> unix-stream ("/dev/log");
> internal();
> # udp(ip(0.0.0.0) port(514));
> };
>
> destination send_http_logs { udp("192.168.2.54" port(514)); };
>
> filter send_http_logs {
> program("httpd.*");
> };
>
> log {
> source(s_sys);
> filter(send_http_logs);
> destination(send_http_logs);
> };
>
> I restart the services and look for that web.log file and never see
> anything, so any help is appreciated.
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.campin.net/syslog-ng/faq.html
>
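
An added example, not part of the original thread and not syslog-ng code: a small Python model of the path the quoted reply's configuration sets up, applying the client's program("httpd.*") filter and then the server's /var/adm/web.$HOST.log template to constructed sample lines. The RFC 3164 line layout, the hostname check and the sample messages are assumptions made for the illustration.

```python
import re

# Assumed RFC 3164 layout: <PRI>Mmm dd hh:mm:ss HOST PROGRAM[PID]: MESSAGE
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<program>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?: ?"
    r"(?P<msg>.*)$"
)
CLIENT_FILTER = re.compile(r"httpd.*")      # program("httpd.*") in Client.conf
SERVER_TEMPLATE = "/var/adm/web.$HOST.log"  # d_clients in the reply's Server.conf
# Assumption for this model: only plain hostname characters may reach the path.
SAFE_HOST = re.compile(r"^[A-Za-z0-9][A-Za-z0-9.-]*$")

# Constructed sample lines, not taken from any real host.
SAMPLES = [
    "<134>Jan 29 14:06:01 web1 httpd[19596]: GET /index.html 200",
    "<38>Jan 29 14:06:02 web1 sshd[1607]: session opened",
    "<134>Jan 29 14:06:03 web/2 httpd: GET / 200",
]


def parse(line):
    """Split one line into its fields; None if it does not fit the layout."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    pri = int(rec["pri"])
    rec["facility"], rec["severity"] = pri >> 3, pri & 7
    return rec


def route(line):
    """Return the server-side file for a line, or None if it is not stored."""
    rec = parse(line)
    # Client side: only programs matching the filter are forwarded
    # (the pattern is treated as unanchored here, an assumption).
    if rec is None or CLIENT_FILTER.search(rec["program"]) is None:
        return None
    # keep_hostname(yes) means $HOST is whatever the message carries,
    # so the model checks it before it becomes part of a file name.
    if SAFE_HOST.match(rec["host"]) is None or ".." in rec["host"]:
        return None
    return SERVER_TEMPLATE.replace("$HOST", rec["host"])


if __name__ == "__main__":
    for line in SAMPLES:
        print(route(line), "<-", line)
```
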