[syslog-ng] How to configure client and host server
Gergely Nagy
algernon at balabit.com
Thu May 10 10:12:49 UTC 2018
>>>>> "vinod" == vinod samant <vinod.samant.123 at gmail.com> writes:
vinod> 2. I want to store these logs of 20 web servers on a centralised server at
vinod> real time and we do not want to change logs file and format. Is this
vinod> possible?

Yes, it is possible.

vinod> 3. I want to make 20 web server as client server and centralised server (as
vinod> host server).
vinod> Here, I cannot understand from documentation, so can you provide the
vinod> configuration for both side client and host side?

Assuming that you want to store these logs only, and not any other logs,
you can find a sample below:

------------------------------ * client * ------------------------------
@version: 3.15

# Follow the Apache access logs as-is, without syslog parsing
source s_apache_logs {
    wildcard-file(
        base-dir("/usr/local/apache/logs")
        filename-pattern("*access*.log")
        flags(no-parse)
    );
};

# Follow the PHP logs (*.txt) in the same directory
source s_php_logs {
    wildcard-file(
        base-dir("/usr/local/apache/logs")
        filename-pattern("*.txt")
        flags(no-parse)
    );
};

# Send each line as "<file name>,<message>" to the central server
destination d_central {
    network("192.168.122.61" template("$(basename ${FILE_NAME}),${MSG}\n"));
};

log {
    source(s_apache_logs);
    source(s_php_logs);
    destination(d_central);
};
------------------------------ * server * ------------------------------
@version: 3.15

# Receive the lines from the clients without syslog parsing
source s_net {
    network(flags(no-parse));
};

# Split "<file name>,<message>" at the first comma; the rest is the message
parser p_apache {
    csv-parser(
        columns("apache.FILE_NAME", "apache.MESSAGE")
        flags(greedy)
    );
};

# Write the message, unchanged, to a file named after the original log file
destination d_central_apache {
    file("/usr/local/apache/logs/${apache.FILE_NAME}"
         template("${apache.MESSAGE}\n"));
};

log {
    source(s_net);
    parser(p_apache);
    destination(d_central_apache);
};
------------------------------ * end * ------------------------------

You may need to change these a little, if your PHP logs are not under
/usr/local/apache/logs, for example. Or if you want to use TCP instead
of UDP, or if you want TLS for transport. If you want to use syslog-ng
for other kinds of logs as well, you will need to add that to the
configuration as well. Please consult the documentation and numerous
HOWTOs available online for hints.

There are other ways to accomplish the same thing; this one is
reasonably simple and performant.

--
|8]
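
Added example, not part of the original message: one way the sample above could be adapted for TLS transport, which the reply mentions as a possible change. The port, the certificate paths and the f_safe_name filter are assumptions; the filter is included because the server builds the output path from a file name it receives over the network.

```conf
# ----- client: replaces d_central in the client sample -----
destination d_central {
    network("192.168.122.61"
        port(6514)                                        # assumed port
        transport("tls")
        tls(
            ca-dir("/etc/syslog-ng/ca.d")                 # assumed path, CA certs under their hash names
            key-file("/etc/syslog-ng/key.d/client.key")   # assumed path
            cert-file("/etc/syslog-ng/cert.d/client.crt") # assumed path
            peer-verify(required-trusted)                 # refuse a server with an untrusted certificate
        )
        template("$(basename ${FILE_NAME}),${MSG}\n")
    );
};

# ----- server: replaces s_net and the log path in the server sample -----
source s_net {
    network(
        port(6514)                                        # assumed port, must match the client
        transport("tls")
        tls(
            ca-dir("/etc/syslog-ng/ca.d")                 # assumed path
            key-file("/etc/syslog-ng/key.d/server.key")   # assumed path
            cert-file("/etc/syslog-ng/cert.d/server.crt") # assumed path
            peer-verify(required-trusted)                 # clients must present a trusted certificate
        )
        flags(no-parse)
    );
};

# Accept only plain file names: no "/" and no leading dot (assumed policy)
filter f_safe_name {
    match('^[A-Za-z0-9_-][A-Za-z0-9_.-]*$' value("apache.FILE_NAME"));
};

log {
    source(s_net);
    parser(p_apache);        # p_apache as defined in the server sample
    filter(f_safe_name);     # lines with any other file name are not written
    destination(d_central_apache);
};
```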