[syslog-ng] change rsyslog for syslog-ng
Josu Lazkano
josu.lazkano at barcelonamedia.org
Wed Jun 22 17:50:18 CEST 2011
Hello list, I am learning how to get a syslog server with syslog-ng.
I started working in an IT department and I have more than 50 servers; we actually have rsyslog on the client side and syslog-ng on the syslog server.
I want to change the client side from rsyslog to syslog-ng. On the server side I read a lot of documentation and I know how to configure it (source, destination and filter).
I want to get these logs on the client side and send them to the syslog server over TCP+SSL:
/var/log/auth.log
/var/log/daemon.log
/var/log/dmesg
/var/log/messages
/var/log/syslog
I want to get on the server side something like this:
/var/log/extern/host1/auth.log
/var/log/extern/host1/daemon.log
/var/log/extern/host1/dmesg
/var/log/extern/host1/messages
/var/log/extern/host1/syslog
/var/log/extern/host2/auth.log
/var/log/extern/host2/daemon.log
/var/log/extern/host2/dmesg
/var/log/extern/host2/messages
/var/log/extern/host2/syslog
...
/var/log/extern/hostn/auth.log
/var/log/extern/hostn/daemon.log
/var/log/extern/hostn/dmesg
/var/log/extern/hostn/messages
/var/log/extern/hostn/syslog
In the past post you helped me and I have how to get it on the server side for the TCP+SSL:
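# TLS-protected TCP listener for the remote clients
source s_tcptls {
    tcp(ip("10.200.42.1")
        port(10514)
        tls(
            # the client must present a certificate signed by a CA in ca_dir
            peer-verify(required-trusted)
            # directory holding the trusted CA certificates
            ca_dir("/etc/syslog-ng/certs/")
            # the server's own private key and certificate
            key_file("/etc/syslog-ng/certs/server.key")
            cert_file("/etc/syslog-ng/certs/server.crt")
        )
    );
};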
I have some questions:
1. Must I uninstall rsyslog before installing syslog-ng?
2. How can I configure the client side to send my logs to the server and to save them in the local /var/log/?
3. Is there any client limit on syslog-ng?
I will try to read and learn as much as I can; I will appreciate your help.
Thanks for your job and best regards.
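
Added example, not part of the original post and not configuration supplied by the syslog-ng project: a sketch of the client and server fragments that match the layout described above, reusing the server address, port and source name from the post. The client certificate file names, the filter and destination names, and the choice to split only auth.log, daemon.log and syslog by facility are assumptions.

```conf
# ---- client: fragment for /etc/syslog-ng/syslog-ng.conf ----
# Local sources: the /dev/log socket, syslog-ng's own messages, kernel messages.
source s_local {
    unix-stream("/dev/log");
    internal();
    file("/proc/kmsg" program_override("kernel"));
};

# Forward over TCP+TLS to the listener s_tcptls from the post.
# A client key and certificate are needed because the server asks for a
# trusted peer certificate; peer-verify here makes the client check the server too.
destination d_central {
    tcp("10.200.42.1" port(10514)
        tls(
            ca_dir("/etc/syslog-ng/certs/")               # assumed path
            key_file("/etc/syslog-ng/certs/client.key")   # assumed file name
            cert_file("/etc/syslog-ng/certs/client.crt")  # assumed file name
            peer-verify(required-trusted)
        )
    );
};

# This log path is in addition to the client's local file() log paths,
# so the files under /var/log/ keep being written.
log { source(s_local); destination(d_central); };

# ---- server: fragment placed next to source s_tcptls ----
filter f_auth   { facility(auth, authpriv); };
filter f_daemon { facility(daemon); };

# ${HOST} selects the per-host directory; create_dirs(yes) creates it on first use.
destination d_ext_auth   { file("/var/log/extern/${HOST}/auth.log"   create_dirs(yes)); };
destination d_ext_daemon { file("/var/log/extern/${HOST}/daemon.log" create_dirs(yes)); };
destination d_ext_syslog { file("/var/log/extern/${HOST}/syslog"     create_dirs(yes)); };

log { source(s_tcptls); filter(f_auth);   destination(d_ext_auth); };
log { source(s_tcptls); filter(f_daemon); destination(d_ext_daemon); };
log { source(s_tcptls); destination(d_ext_syslog); };
```

With keep_hostname(no), the default, the server sets ${HOST} from the address the message was received from rather than from the hostname field inside the message, so a client cannot pick another host's directory by forging that field.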