Re: Reply: Need help to send logs to a different server
Lavannya <swap_project <at> yahoo.com>
2008-12-08 18:18:10 GMT
Hi Marc,
Thanks for your reply. I am getting an error with whatever configuration you suggested. Maybe I need to change our
existing configuration again. Here is the central log server configuration, which I am sending as an attachment.
Our central log server is already configured with tcp(ip(0.0.0.0) ip, and when I add the new server to
collect the logs it gives an error.
- I want to add another server (this is needed for some application) to my central log server, which will
get all the logs from the central log server.
Please feel free to correct the log file and send it to me.
Thanks again
--- On Mon, 12/8/08, Marc Andersen <man <at> inspektsecurity.com> wrote:
> From: Marc Andersen <man <at> inspektsecurity.com>
> Subject: Re: [syslog-ng] Reply: Need help to send logs to a different server
> To: "Syslog-ng users' and developers' mailing list" <syslog-ng <at> lists.balabit.hu>
> Date: Monday, December 8, 2008, 8:04 AM
> If the central syslog server is running syslog-ng you can
> just add another destination (live log server) to the
> already existing local files.
>
> log{
> source (udp/tcp incoming);
> destination(new live log server);
> };
>
> cheers
> /Marc
>
>
> On 07/12/08 16.03, "Lavannya"
> <swap_project <at> yahoo.com> wrote:
>
> Yes, from the client we can, but I think if you read
> my mail properly, I clearly wrote that my requirement is
> NOT to get the logs from the client. I want to set up one
> server, which will get all the information from the
> central log master. Yes, I know it can be done through
> ssh/rsync. But I wanted to know if there is any option in
> syslog-ng.
>
> Thanks
>
>
>
> --- On Fri, 12/5/08, liuruihong
> <liuruihong <at> baidu.com> wrote:
>
> > From: liuruihong <liuruihong <at> baidu.com>
> > Subject: Reply: [syslog-ng] Need help to send logs to a different server
> > To: swap_project <at> yahoo.com, "'Syslog-ng users' and developers' mailing list'" <syslog-ng <at> lists.balabit.hu>
> > Date: Friday, December 5, 2008, 3:23 AM
> > In the client, you can define many remote log servers
> > simultaneously. syslog
> > and syslog-ng both support this function.
> > You can find it in the manual :)
> >
> >
> > Thanks!
> >
> > 刘蕊红 |sys|6758
> >
> > -----Original Message-----
> > From: syslog-ng-bounces <at> lists.balabit.hu
> > [mailto:syslog-ng-bounces <at> lists.balabit.hu] On Behalf Of Swapna
> > Sent: December 5, 2008 4:17
> > To: syslog-ng <at> lists.balabit.hu
> > Subject: [syslog-ng] Need help to send logs to a different server
> >
> > Hi,
> >
> >
> > We have syslog-ng configuration as follows:
> >
> > - There are 50 clients communicating to one log server
> >
> > - The log server is kept in a secured place where nobody has access
> >
> > - All the logs of the 50 clients are coming to the log server and
> > the logs are kept as follows
> >
> > /var/log/syslog-ng/<client host>/extended.log
> >
> >
> > We want all the logs of each client to relay into a separate server live.
> > Means the current log file of each host will go to the new server
> > simultaneously as it is going to the central log server.
> >
> >
> > We can configure a second log server like the existing one. But our
> > requirement is that all the logs will be received from the central log
> > server, not from the client hosts.
> >
> > Any help is really appreciated.
> >
> > Thanks
> >
> >
> > ______________________________________________________________________________
> > Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> > Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> > FAQ: http://www.campin.net/syslog-ng/faq.html
# Begin /etc/syslog-ng/syslog-ng.conf
options {
    sync (0);
    time_reopen (10);
    log_fifo_size (1000);
    long_hostnames(off);
    use_dns (yes);
    use_fqdn (no);
    create_dirs (yes);
    keep_hostname (yes);
};
source src {
    unix-stream("/dev/log");
    internal();
    pipe("/proc/kmsg");
};
source remotetcp { tcp(ip(0.0.0.0) port(514) max-connections(600)); };
source remoteudp { udp(); };
# Remote Logging
##########################
destination everything { file("/var/log/remotes/$HOST/$HOST-all-system.logs"); };
filter f_everything { level(debug..emerg); };
log { source(remotetcp); filter(f_everything); destination(everything); };
log { source(remoteudp); filter(f_everything); destination(everything); };
# The remote auth/authpriv destinations and filters are renamed with a
# "remote_" prefix so they do not collide with the local auth, authpriv,
# f_auth and f_authpriv definitions further down in this file.
destination remote_authpriv { file("/var/log/remotes/$HOST/$HOST-authpriv.log"); };
filter f_remote_authpriv { facility(authpriv); };
log { source(remotetcp); filter(f_remote_authpriv); destination(remote_authpriv); };
log { source(remoteudp); filter(f_remote_authpriv); destination(remote_authpriv); };
destination remote_auth { file("/var/log/remotes/$HOST/$HOST-auth.log"); };
filter f_remote_auth { facility(auth); };
log { source(remotetcp); filter(f_remote_auth); destination(remote_auth); };
log { source(remoteudp); filter(f_remote_auth); destination(remote_auth); };
# Local Destinations
#####################
destination syslog { file("/var/log/syslog.log"); };
destination messages { file("/var/log/messages.log"); };
destination auth { file("/var/log/auth.log"); };
destination authpriv { file("/var/log/authpriv.log"); };
destination cron { file("/var/log/cron.log"); };
destination kernel { file("/var/log/kernel.log"); };
destination daemon { file("/var/log/daemon.log"); };
destination lpr { file("/var/log/lpr.log"); };
destination mail { file("/var/log/mail.log"); };
destination debug { file("/var/log/debug.log"); };
#
destination console { usertty("root"); };
destination console_all { file("/dev/tty12"); };
# Local Filters
###############
filter f_syslog { not facility(authpriv, auth, mail); };
filter f_messages { level(info..warn) and not facility(auth, authpriv, mail, news); };
filter f_auth { facility(auth); };
filter f_authpriv { facility(auth, authpriv); };
filter f_cron { facility(cron); };
filter f_daemon { facility(daemon); };
filter f_kernel { facility(kern); };
filter f_lpr { facility(lpr); };
filter f_mail { facility(mail); };
filter f_debug { not facility(auth, authpriv, news, mail); };
#
#
filter f_emergency { level(emerg); };
filter f_info { level(info); };
filter f_notice { level(notice); };
filter f_warn { level(warn); };
filter f_crit { level(crit); };
filter f_err { level(err); };
# Local Log
############
log { source(src); filter(f_syslog); destination(syslog); };
log { source(src); filter(f_messages); destination(messages); };
log { source(src); filter(f_auth); destination(auth); };
log { source(src); filter(f_authpriv); destination(authpriv); };
log { source(src); filter(f_cron); destination(cron); };
log { source(src); filter(f_kernel); destination(kernel); };
log { source(src); filter(f_daemon); destination(daemon); };
log { source(src); filter(f_lpr); destination(lpr); };
log { source(src); filter(f_mail); destination(mail); };
log { source(src); filter(f_debug); destination(debug); };
#
#
log { source(src); filter(f_emergency); destination(console); };
log { source(src); destination(console_all); };
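
Added example (not part of the original message or its attachment): one way to apply Marc's suggestion to the configuration above, relaying what the central server receives to a second server. The address 192.0.2.10 and the names d_live, s_relay and d_perhost are placeholders chosen for illustration; the second server's settings are assumed.

```conf
# --- Central log server: add to the existing syslog-ng.conf ---------------
# 192.0.2.10 is a placeholder for the second (live) log server and d_live
# is a hypothetical name.
destination d_live { tcp("192.0.2.10" port(514)); };

# Relay everything received from the clients. The existing log statements
# that write the per-host files stay unchanged, so each message goes to the
# local files and to the second server at the same time.
log { source(remotetcp); source(remoteudp); destination(d_live); };

# If the second server is unreachable, messages for d_live are queued up to
# log_fifo_size (1000 above) and then dropped for that destination only;
# the connection is retried every time_reopen (10) seconds.

# --- Second server: minimal receiving configuration (assumed) -------------
options {
    keep_hostname (yes);   # keep the client name carried in the message
                           # instead of replacing it with the relay's name
    long_hostnames (off);
    create_dirs (yes);     # create the per-host directories on demand
};

# Listens on all interfaces like the central server; give ip() a specific
# address to accept the relay only on one interface.
source s_relay { tcp(ip(0.0.0.0) port(514)); };

# Same per-host layout as the central server, keyed on the original client.
destination d_perhost { file("/var/log/remotes/$HOST/$HOST-all-system.logs"); };

log { source(s_relay); destination(d_perhost); };
```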