[syslog-ng] New on syslog-ng
Josu Lazkano
josu.lazkano at barcelonamedia.org
Fri Jun 17 11:34:24 CEST 2011
Hello list, I am new to this list. I started working in an IT department and I need to update and check the current syslog system.
We have more than 50 Ubuntu servers, local and remote; on each server rsyslog is installed and configured this way:
$ cat /etc/rsyslog.d/99-rsyslog.conf
auth.*,authpriv.* @logserver
kern.warn @logserver
kern.err @logserver
mail.* @logserver
There is a server (logserver) with syslog-ng to manage and save all logs. It receives on a UDP port without security; this is the source section of the syslog-ng configuration:
source s_all {
    internal();
    unix-stream("/dev/log");
    file("/proc/kmsg" log_prefix("kernel: "));
};
source logs_externs {
    udp();
};
I have some questions about how to secure it:
1. How can I secure the logs on the net? Must I use TCP to secure them?
2. I have a lot of data (5-10GB per week) to store; which is the best method to manage it? Logrotate? Scripts? I want to move logs to a NAS monthly.
3. Is it a good idea to make files for each host and service? Something like: /var/log/host1/auth.log, /var/log/host2/auth.log, /var/log/host1/mail.log, /var/log/host2/mail.log
These are my newbie questions; thanks for all your help and best regards.
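Added example, not part of the original post and not code from the syslog-ng project: one way the logserver side of questions 1 and 3 could look, replacing the plaintext udp() source with TLS over TCP and writing one file per host and facility. It assumes syslog-ng 3.x built with TLS support; the source and destination names, port 6514, the group and all certificate paths are placeholders, and the clients must be reconfigured to send over TCP with TLS before this source receives anything.

```conf
# Added example: names, port, group and certificate paths are placeholders.
# Assumes syslog-ng 3.x with TLS support.

options {
    # Merge these into the existing options block.
    # Set $HOST from the sender's address (or its DNS name) instead of
    # trusting the host name written inside the message.
    keep_hostname(no);
    # Check that host names contain only valid characters, since $HOST
    # is used below to build a directory name.
    check_hostname(yes);
};

# TLS over TCP in place of the unauthenticated, unencrypted udp() source.
source s_tls {
    tcp(
        port(6514)
        tls(
            key_file("/etc/syslog-ng/tls/logserver.key")
            cert_file("/etc/syslog-ng/tls/logserver.crt")
            # CA certificates that signed the client certificates,
            # stored under their subject-hash file names.
            ca_dir("/etc/syslog-ng/tls/ca.d")
            # Refuse clients that present no certificate or an untrusted one.
            peer_verify(required-trusted)
        )
    );
};

# One directory per host, one file per facility, for example
# /var/log/host1/auth.log and /var/log/host1/mail.log.
destination d_per_host {
    file("/var/log/$HOST/$FACILITY.log"
        create_dirs(yes)
        owner("root") group("adm")
        perm(0640) dir_perm(0750)
    );
};

log { source(s_tls); destination(d_per_host); };
```

With peer_verify(required-trusted), a sender whose certificate does not chain to a CA in ca_dir() is rejected at the TLS handshake, so the per-host directories are only created for authenticated senders.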