Log Server Setup
Allow remote machines to log
# vi /etc/sysconfig/syslog
Replace
SYSLOGD_OPTIONS="-m 0"
with
SYSLOGD_OPTIONS="-rm 0"
The -r option makes syslogd accept messages from the network.
Setup Log Rotation Policy
# vi /etc/logrotate.conf
daily
# keep 7 days worth of backlogs
rotate 7
# create new (empty) log files after rotating old ones
create
# uncomment this if you want your log files compressed
compress
# RPM packages drop log rotation information into this directory
include /etc/logrotate.d
# no packages own wtmp -- we'll rotate them here
/var/log/wtmp {
monthly
create 0664 root utmp
rotate 1
}
Customize log types and log destinations
# vi /etc/syslog.conf
local7.* /var/log/apache_error_log
local1.info /var/log/apache_access_log
Restart syslogd for the changes to take effect
# /etc/init.d/syslog restart
Client Configurations
1. RHEL5
# vi /etc/syslog.conf
*.* @192.168.0.111
Restart Syslog
# /etc/init.d/syslog restart
Log files replicated
All logs handled by the syslog daemon, for example:
messages
audit/audit.log
boot.log
cron.log
secure
2. OpenBSD
# vi /etc/syslog.conf
*.* @192.168.0.111
# reboot
On the server, add the following to /etc/syslog.conf
auth.info /var/log/OpenBSD_authlog
daemon.info /var/log/OpenBSD_daemon
# /etc/init.d/syslog restart
Log files replicated
authlog
messages
daemon
3. OpenSolaris
# vi /etc/syslog.conf
*.* @192.168.0.111
# reboot
Log files: /var/svc/log
Redirecting Apache logs to syslog and thereby to the centralized log server
Customize ErrorLog and CustomLog of Apache
# vi /usr/local/apache/conf/httpd.conf
ErrorLog syslog
CustomLog "|/usr/bin/logger -p local1.info" common
Define local log files and the log server
# vi /etc/syslog.conf
*.* @192.168.0.111
local7.* /var/log/apache_error_log
local1.info /var/log/apache_access_log
Restart services
# /etc/init.d/syslog restart
# /usr/local/apache/bin/apachectl restart
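The routing produced by the client's syslog.conf above can be checked offline. The following Python sketch is an added example, not part of the original post: it models sysklogd-style selector matching in simplified form (the "!" negation is not handled), and its function names are made up for the illustration.

```python
# Added example: simplified model of sysklogd-style syslog.conf selectors.
PRIORITIES = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]
ALIASES = {"warn": "warning", "error": "err", "panic": "emerg"}

# Client-side rules from the Apache section of this page.
CLIENT_CONF = """\
*.* @192.168.0.111
local7.* /var/log/apache_error_log
local1.info /var/log/apache_access_log
"""

def level(name):
    """Numeric severity of a priority name (debug=0 ... emerg=7)."""
    return PRIORITIES.index(ALIASES.get(name, name))

def parse(conf):
    """Return (selectors, action) pairs, skipping blanks and comments."""
    rules = []
    for line in conf.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            selectors, action = line.split(None, 1)
            rules.append((selectors, action.strip()))
    return rules

def selector_matches(selectors, facility, priority):
    """Evaluate ';'-separated selectors left to right for facility.priority."""
    matched = False
    for sel in selectors.split(";"):
        facs, _, prio = sel.partition(".")
        if facs != "*" and facility not in facs.split(","):
            continue
        if prio == "none":          # e.g. mail.none cancels an earlier match
            matched = False
        elif prio == "*":
            matched = True
        elif prio.startswith("="):  # exactly this priority
            matched = matched or level(priority) == level(prio[1:])
        else:                       # this priority and anything more severe
            matched = matched or level(priority) >= level(prio)
    return matched

def route(conf, facility, priority):
    """Every action a message with this facility.priority triggers."""
    return [a for s, a in parse(conf) if selector_matches(s, facility, priority)]

if __name__ == "__main__":
    for fac, pri in [("local7", "err"), ("local1", "info"), ("local1", "debug")]:
        print(f"{fac}.{pri} ->", route(CLIENT_CONF, fac, pri))
```

Because these selectors match only on facility and priority, a server-side rule such as auth.info /var/log/OpenBSD_authlog also captures auth messages from every other client that forwards to the server.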
References: devshed.com, apache.org