[syslog-ng] New on syslog-ng

Josu Lazkano josu.lazkano at barcelonamedia.org
Mon Jun 20 11:58:25 CEST 2011


-----Original Message-----
From: syslog-ng-bounces at lists.balabit.hu [mailto:syslog-ng-bounces at lists.balabit.hu] On behalf of Gergely Nagy
Sent: Friday, June 17, 2011 12:31
To: Syslog-ng users' and developers' mailing list
Subject: Re: [syslog-ng] New on syslog-ng

Hi!

> 1.  How can I secure the logs on the net? I must use TCP to secure?

Not necessarily, but TCP + SSL is the easiest route in my opinion.

> 2.  I have lot of data (5-10GB at week) to store, which is the best
> method to manage it? Logrotate? Scripts? I want to move logs to NAS
> monthly.

Logrotate is one option, but you can tell syslog-ng to put the date in
the log file's name as well, thus you get automatic 'rotation'.

Something like this:

destination d_dated {
  file("/var/log/messages-${YEAR}-${MONTH}.log");
};

Then you can safely move the past months' logs to NAS, as syslog-ng will
not write to them anymore.

You can even do stuff like this:

destination d_example {
  file("/var/log/split/${YEAR}-${MONTH}/${HOST}/messages.log");
};

Which will result in files like
"/var/log/split/2011-06/example.local/messages.log".

> 3.  Is it a good idea to make files for each host and services?
> Something like: /var/log/host1/auth.log, /var/log/host2/auth.log,
> /var/log/host1/mail.log, /var/log/host2/mail.log

That depends on what you want to do with the logs. If it's easier to
archive/process/whatever them if they're split by host, then by all
means, split them.

If you only want to archive the logs, and hardly ever look at them, then
it might be easier to just place them in a single file.

-- 
|8]

Thanks for the reply. I will find more info about TCP and SSL. Is it possible to make it work with rsyslog on the client side? Do you have any example configuration for TCP+SSL?


Thank you very much for your help, kind regards.
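
An added example, not part of the original messages: one way to pick which of the dated files from the two destination layouts quoted above belong to a closed month and can be moved to the NAS. The function names, the sample paths and the grace period are assumptions made for this illustration.

```python
import re
from datetime import date

# Finds the YYYY-MM written by ${YEAR}-${MONTH} in either layout from the thread:
#   /var/log/messages-2011-06.log
#   /var/log/split/2011-06/example.local/messages.log
_MONTH_RE = re.compile(r"(?:^|[/-])(\d{4})-(0[1-9]|1[0-2])(?=[/.])")

# Constructed sample listing (not real data).
SAMPLE = [
    "/var/log/messages-2011-04.log",
    "/var/log/messages-2011-05.log",
    "/var/log/messages-2011-06.log",
    "/var/log/split/2011-05/example.local/messages.log",
    "/var/log/split/2011-06/example.local/messages.log",
    "/var/log/auth.log",
]


def log_month(path):
    """Return the (year, month) encoded in a log path, or None if undated."""
    m = _MONTH_RE.search(path)
    return (int(m.group(1)), int(m.group(2))) if m else None


def archivable(paths, today, grace_days=2):
    """Return the sorted paths whose month is over and can be moved away.

    grace_days is an assumption of this example: during the first days of a
    month the previous month's files are held back, in case messages that
    still carry last month's timestamp arrive late.
    """
    current = (today.year, today.month)
    if today.month == 1:
        previous = (today.year - 1, 12)
    else:
        previous = (today.year, today.month - 1)
    selected = []
    for path in paths:
        month = log_month(path)
        if month is None or month >= current:
            continue  # undated file, or a file syslog-ng may still write to
        if month == previous and today.day <= grace_days:
            continue  # month just closed, wait out the grace period
        selected.append(path)
    return sorted(selected)
```

The function only selects files; the copy to the NAS and any integrity check on the moved files are left to the calling script.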

