Skip to main content

Log Server using Syslog

Log Server Setup

Allow remote machines to Log

# vi /etc/sysconfig/syslog
Replaced
SYSLOGD_OPTIONS="-m 0"
with
SYSLOGD_OPTIONS="-rm 0"

Setup Log Rotation Policy
# vi /etc/logrotate.conf
daily
# keep 7 days worth of backlogs
rotate 7
# create new (empty) log files after rotating old ones
create
# uncomment this if you want your log files compressed
compress
# RPM packages drop log rotation information into this directory
include /etc/logrotate.d
# no packages own wtmp -- we'll rotate them here
/var/log/wtmp {
monthly
create 0664 root utmp
rotate 1
}

Customize Log types and log destination

# vi /etc/syslog.conf
local7.* /var/log/apache_error_log
local1.info /var/log/apache_access_log

Restart Syslogd to take effect of the changes made

# /etc/init.d/syslog restart

Client Configurations

1.RHEL5

# vi /etc/syslog.conf
*.* @192.168.0.111

Restart Syslog
# /etc/init.d/syslog restart

Log files Replicated
All those logs handled by Syslog daemon
For example
messages
audit/audit.log
boot.log
cron.log
secure

2.OpenBSD
# vi /etc/syslog.conf
*.* @192.168.0.111
# reboot

In the Server 's /etc/syslog.conf added the following
auth.info /var/log/OpenBSD_authlog
daemon.info /var/log/OpenBSD_daemon

# /etc/init.d/syslog restart

Log files Replicated
authlog
messages
daemon

3.OpenSolaris
# vi /etc/syslog.conf
*.* @192.168.0.111
# reboot

LOG FILES /var/svc/log

Redirection of Apache logs to Syslog and thereby to Centralized Log Server

Customize ErrorLog and CustomLog of Apache
# vi /usr/local/apache/conf/httpd.conf
ErrorLog syslog
CustomLog "|/usr/bin/logger -p local1.info" common

Define local log files and Log Server
# vi /etc/syslog.conf
*.* @192.168.0.111
local7.* /var/log/apache_error_log
local1.info /var/log/apache_access_log
Restart services
# /etc/init.d/syslog restart
# /usr/local/apache/bin/apachectl restart

Reference : devshed.com
apache.org

Comments

Popular posts from this blog

Check remote UDP connectivity from Linux

Hi there, You all know how to check TCP port connectivity from a Linux or UNIX machine to a remote machine using telnet as per th example below $ telnet 127.0.0.1 25 but we can't adopt TELNET to check UDP connectivity. Linux and most of the UNIXes come with a network layer utility called nc (abbreviation for netcat) which is very useful to check UDP connectivity and to explore a lot with both TCP and UDP. An example is shown below # nc -v -u -z -w 3 172.24.16.131 123 Connection to 172.24.16.131 123 port [udp/ntp] succeeded!

The best putty package available

Bored of Black screened Task bar filling putty? Issues with porting Saved sessions from machine to machine? Do you like tabbed SSH sessions? Start using portaputty instead of normal putty and link it with puttycm . Puttycm supports sessions to be saved in its own Database files. You can use the Putty sessions you have saved already right inside putty. You can have any number of databases which allow you to arrange Remote servers in folders and convenient namings. I personally recommend creating Database with puttycm rather than using the sessions saved in putty which doesn't offer any option to create folders and saving sessions under that directory tree. You can even save username/password to get it logged automatically and there is an option to pass commands to be run soon after login. I can't recommend this since some bug was found with these options. Portaputty is a variant of putty which stores all the Configuration data in text files instead of MS Window

PING.sh

#!/usr/bin/env bash ## Ping all machines in a Network PING="$(which ping) -c 1 -W 1" echo "Enter Subnet(eg:192.168.0)" read Subnet echo "Do you want to PING the entire network or a RANGE of IPs ? Enter your choice" echo 1. Ping Entire Network echo 2. Ping a RANGE read choice if [ $choice = 1 ]; then { echo Pinging..... for((i=1;i<255;i++)); do ${PING} ${Subnet}.${i} > /dev/null 2> /dev/null if [ $? -eq 0 ]; then echo -e "${Subnet}.${i} is up" fi done } fi if [ $choice = 2 ]; then { echo Enter the Starting IP of Range read a echo Enter the Last IP of Range read b echo Pinging..... for((i=$a;i<$b;i++)); do ${PING} ${Subnet}.${i} > /dev/null 2> /dev/null if [ $? -eq 0 ]; then echo -e "${Subnet}.${i} is up" fi done } fi exit 0