[syslog-ng] 1st post on some basic 101 setup
lance raymond
lance.raymond at gmail.com
Wed Jan 28 22:23:06 CET 2009
The basic scenario is that we have 5 web servers in a cluster which I wish to
log centrally. I was pointed to syslog-ng, and with the linuxquestions guys it
was 50+ readings and not 1 response, so I found this list and will give it a try.

Basically all the webservers are running FC5, and rpm -qa shows the
following version:

syslog-ng-1.6.12-1.fc5

I see some newer versions, not sure if I should/have to, but really I just
want to log the different vhosts' apache logs to a central server. I read a
few different things in a few places, and so far have the following conf files.

*Server.conf*

options {
    sync (0);
    time_reopen (10);
    log_fifo_size (1000);
    long_hostnames (off);
    use_dns (no);
    use_fqdn (no);
    create_dirs (no);
    keep_hostname (yes);
};

source s_sys {
    file ("/proc/kmsg" log_prefix("kernel: "));
    unix-stream ("/dev/log");
    internal();
    udp(ip(0.0.0.0) port(514));
};

destination send_http_logs { file("/var/log/web.log"); };

filter send_http_logs {
    program("httpd.*");
};

log {
    source(s_sys);
    filter(send_http_logs);
    destination(send_http_logs);
};

*Client.conf*

options {
    sync (0);
    time_reopen (10);
    log_fifo_size (1000);
    long_hostnames (off);
    use_dns (no);
    use_fqdn (no);
    create_dirs (no);
    keep_hostname (yes);
};

source s_sys {
    file ("/proc/kmsg" log_prefix("kernel: "));
    unix-stream ("/dev/log");
    internal();
    # udp(ip(0.0.0.0) port(514));
};

destination send_http_logs { udp("192.168.2.54" port(514)); };

filter send_http_logs {
    program("httpd.*");
};

log {
    source(s_sys);
    filter(send_http_logs);
    destination(send_http_logs);
};

I restart the services and look for that web.log file and never see
anything, so any help is appreciated.
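
A way to test the path described in the configs above, as an added example that is not part of the original post: it builds a BSD-syslog (RFC 3164) datagram whose program tag is `httpd`, checks it against the `program("httpd.*")` pattern, and can send it to the UDP listener. The function names, the sample host `web1`, the PID and the unanchored-regex reading of the filter are assumptions of this example; the server address and port are the ones in Client.conf.

```python
import re
import socket

# Pattern copied from program("httpd.*") in the posted configs.
# Assumption: the filter is applied as an unanchored regex to the program field.
FILTER_PROGRAM = re.compile(r"httpd.*")

# <PRI>Mmm dd hh:mm:ss HOST PROGRAM[PID]: text   (the PID part is optional)
HEADER = re.compile(
    rb"<(\d{1,3})>\w{3} [ \d]\d \d\d:\d\d:\d\d (\S+) ([^\s\[:]+)(?:\[\d+\])?: "
)

def build_message(program, text, host="web1", facility=16, severity=6):
    """Return a constructed RFC 3164 datagram (local0.info by default)."""
    pri = facility * 8 + severity
    return f"<{pri}>Jan 28 22:23:06 {host} {program}[1234]: {text}".encode()

def parse_program(datagram):
    """Extract the program name a syslog receiver would see, or None."""
    m = HEADER.match(datagram)
    return m.group(3).decode() if m else None

def passes_filter(datagram):
    """True if the datagram's program field matches the posted filter."""
    program = parse_program(datagram)
    return program is not None and FILTER_PROGRAM.search(program) is not None

def send_probe(datagram, server, port=514):
    """Send one datagram over UDP; UDP gives no delivery confirmation."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(datagram, (server, port))

if __name__ == "__main__":
    probe = build_message("httpd", "syslog-ng path test")
    print("program field:", parse_program(probe))
    print("matches filter:", passes_filter(probe))
    # Address and port taken from the destination in Client.conf.
    send_probe(probe, "192.168.2.54", 514)
    print("probe sent; look for 'syslog-ng path test' in /var/log/web.log")
```

If the probe line shows up in /var/log/web.log on the server, the UDP source, filter and file destination on the server side are working, and the remaining question is whether the clients' local sources ever receive messages with an `httpd` program tag.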