[syslog-ng] New on syslog-ng

Gergely Nagy algernon at balabit.hu
Fri Jun 17 12:30:53 CEST 2011


Hi!

> 1.  How can I secure the logs on the net? I must use TCP to secure?

Not necessarily, but TCP + SSL is the easiest route in my opinion.

> 2.  I have lot of data (5-10GB at week) to store, which is the best
> method to manage it? Logrotate? Scripts? I want to move logs to NAS
> monthly.

Logrotate is one option, but you can tell syslog-ng to put the date in
the log file's name as well, thus you get automatic 'rotation'.

Something like this:

destination d_dated {
  file("/var/log/messages-${YEAR}-${MONTH}.log");
};

Then you can safely move the past months' logs to NAS, as syslog-ng will
not write to them anymore.

You can even do stuff like this:

destination d_example {
  file("/var/log/split/${YEAR}-${MONTH}/${HOST}/messages.log");
};

Which will result in files like
"/var/log/split/2011-06/example.local/messages.log".

> 3.  Is it a good idea to make files for each host and services?
> Something like: /var/log/host1/auth.log, /var/log/host2/auth.log,
> /var/log/host1/mail.log, /var/log/host2/mail.log

That depends on what you want to do with the logs. If it's easier to
archive/process/whatever them if they're split by host, then by all
means, split them.

If you only want to archive the logs, and hardly ever look at them, then
it might be easier to just place them in a single file.

-- 
|8]
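
The monthly move to NAS described in answer 2, as an added example that is
not part of the original mail: it archives only months that are already
closed, verifies each copy before deleting the source, and never overwrites
an existing archive. The function name archive_closed_months and the NAS
being mounted as a local directory are assumptions.

```sh
#!/bin/sh
# Added example (not from the original mail): archive closed monthly logs.
# Assumes the d_dated naming above: messages-YYYY-MM.log in one directory.
# Usage: archive_closed_months SRC_DIR NAS_DIR [CURRENT_YYYY-MM]
archive_closed_months() {
    src=$1
    dest=$2
    current=${3:-$(date +%Y-%m)}
    cur_num=${current%-*}${current#*-}        # 2011-06 -> 201106
    rc=0
    for f in "$src"/messages-[0-9][0-9][0-9][0-9]-[0-9][0-9].log; do
        [ -f "$f" ] || continue               # glob matched nothing
        name=${f##*/}
        stamp=${name#messages-}
        stamp=${stamp%.log}
        num=${stamp%-*}${stamp#*-}
        # Only months strictly before the current one are closed;
        # syslog-ng may still be appending to the current file.
        if [ "$num" -ge "$cur_num" ]; then
            continue
        fi
        # Never overwrite an existing archive copy.
        if [ -e "$dest/$name" ]; then
            echo "skip (already archived): $name" >&2
            rc=1
            continue
        fi
        # Copy to a temporary name, verify byte-for-byte, then publish
        # and delete the source. A failed copy leaves the source intact.
        if cp -p -- "$f" "$dest/$name.part" &&
           cmp -s -- "$f" "$dest/$name.part" &&
           mv -- "$dest/$name.part" "$dest/$name"; then
            rm -f -- "$f"
            echo "$name"
        else
            rm -f -- "$dest/$name.part"
            echo "archive failed, kept source: $name" >&2
            rc=1
        fi
    done
    return "$rc"
}
```

The function prints the name of each file it archived and returns non-zero
if any file was skipped or failed verification.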

