[syslog-ng] How to manage the Syslog-NG messages coming from different sites? Each sites has their Syslog-NG clients?

Hendrik Visage hvjunk at gmail.com
Wed Aug 3 15:11:54 CEST 2011


No, I think he needs a way to distinguish between site1 and site2, where
site1 has servera/serverc/serverf, and site2 has
serverb/serverd/servere/serveri

I would consider the chain_hostnames() option on the relay/site-syslog server


On Wed, Aug 3, 2011 at 2:51 PM, Clayton Dukes <cdukes at gmail.com> wrote:
> Hi Marcos,
> Are you saying that the receiving server is not keeping the original
> hostname?
> If so, just use keep_hostname(yes); in your global options.
>
> Here are my settings:
> options {
>       long_hostnames(off);
>       # doesn't actually help on Solaris, log(3) truncates at 1024 chars
>       log_msg_size(8192);
>       # buffer just a little for performance
>       flush_lines(1);
>       # memory is cheap, buffer messages unable to write (like to loghost)
>       log_fifo_size(16384);
>       # The time to wait before a dead connection is reestablished (seconds)
>       time_reopen(10);
>       #Use DNS so that our good names are used, not hostnames
>       use_dns(yes);
>       dns_cache(yes);
>       #Use the whole DNS name
>       use_fqdn(yes);
>       keep_hostname(yes);
>       chain_hostnames(no);
>       #Read permission for everyone
>       perm(0644);
> };
>
>
>
> ______________________________________________________________
>
> Clayton Dukes
> ______________________________________________________________
>
>
> On Wed, Aug 3, 2011 at 6:20 AM, Marcos Tang <marcostang2002 at yahoo.com>
> wrote:
>>
>> Hi,
>> I have a problem managing the Syslog-NG messages sent from different
>> Syslog-NG clients at different remote sites.
>> For example, I have 10 sites (site1, site2, site3 to site 10) running
>> Syslog-NG clients. Each site has one Syslog-NG server and all the Syslog
>> messages will be forwarded to the centralized Syslog-NG server and finally
>> inserted into the MySQL database at the headquarters.
>> Now, I can see all the Syslog messages in the headquarters MySQL database,
>> but it is hard for me to manage them.
>> For example, if I know the hostname of a particular host, I can query the
>> MySQL database to search for the Syslog related to that host. However, if I
>> want to know the Syslog messages coming from a particular site such as
>> "site1", how can I do that? There is no "site1" information inside the
>> Syslog messages.
>> I am thinking if I can modify the Syslog-NG configuration file such that I
>> can add some information such as "site1" and make it as part of the Syslog
>> messages, I can query the MySQL database for "site1" pattern. But I am not
>> sure if I can do that or not.
>> If you have any suggestions/ideas, please let me know that.
>>
>> Regards,
>> Marcos
>>
>> ______________________________________________________________________________
>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>> Documentation:
>> http://www.balabit.com/support/documentation/?product=syslog-ng
>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>
>>

