tavoli logolas tobb geprol egy kozponti serverre

Syslog-ng?

syslog-ng?

Nálunk 2 szerver loggol egyre és igen szépen megy

a két szerver syslogd vel van felszerelve a loggoló pedig syslog-ng-vel

a dolog pofon eccerű. syslog-ng-ben vannak változók:
$HOST,YEAR,$MONTH,$DAY, stb

namármost ha az adott destination fájln nevében elhelyezel valai ilyesmit:
/var/logsave/$HOST/$YEAR/$MONTH/$DAY/logfileneve

akkor szépen hostonként,évenként,havonként,naponként külön könyvtárba, szépen szortírozva rakja a logokat.

ha kell akkor bemásolok egy minta sort is

Én pl. így logoltatom az összes Cisco cuccot egy szerverre ...

# /etc/syslog.conf - Configuration file for syslogd(8)
#
# For info about the format of this file, see "man syslog.conf".
#

#
#
# print most on tty10 and on the xconsole pipe
#

# Cisco logging
#

# System unstable
local7.0 -/var/log/cisco_system.log

# Immediate action required
local7.1 -/var/log/cisco_immediate.log

# Critical condition
local7.2 -/var/log/cisco_critical.log

# Error conditions
local7.3 -/var/log/cisco_error.log

# Warning conditions
local7.4 -/var/log/cisco_warning.log

# Normal but significant conditions
local7.5 -/var/log/cisco_significant.log

# Informational messages
local7.6 -/var/log/cisco_information.log

# Debugging messages
local7.7 -/var/log/cisco_debugging.log

#
#

kern.warning;*.err;authpriv.none /dev/tty10
kern.warning;*.err;authpriv.none |/dev/xconsole
*.emerg *

# enable this, if you want that root is informed
# immediately, e.g. of logins
#*.alert root

#
# all email-messages in one file
#
mail.* -/var/log/mail
mail.info -/var/log/mail.info
mail.warning -/var/log/mail.warn
mail.err /var/log/mail.err

#
# all news-messages
#
# these files are rotated and examined by "news.daily"
news.crit -/var/log/news/news.crit
news.err -/var/log/news/news.err
news.notice -/var/log/news/news.notice
# enable this, if you want to keep all news messages
# in one file
#news.* -/var/log/news.all

#
# Warnings in one file
#
*.=warning;*.=err;\
local7.none -/var/log/warn
*.crit;\
local7.none /var/log/warn

#
# save the rest in one file
#

*.*;mail.none;news.none;\
local7.none -/var/log/messages

#
# enable this, if you want to keep all messages
# in one file
#*.* -/var/log/allmessages

#
# Some foreign boot scripts require local7
#
local0,local1.* -/var/log/localmessages
local2,local3.* -/var/log/localmessages
local4,local5.* -/var/log/localmessages
local6.* -/var/log/localmessages
#local6,local7.* -/var/log/localmessages

sima syslog-al is trivialis.

a logszervernek meg kell monani,hogy fogadja:
debianban az /etc/init.d/sysklogd-ben talalsz ilyet,
# For remote UDP logging use SYSLOGD="-r"
#
SYSLOGD=" -r "

a klienseknek a syslog.conf-jaba:
*.* @logszerver.ceg.hu

minden megy, es a logszerveren kedvedre valogathatod.

az altalam hasznalt megoldas (syslog-ng)

# General options,
options { long_hostnames(off); sync(6); create_dirs(yes); keep_hostname(yes); owner(root); group(root); perm(0600); dir_perm(0700); };
source src { unix-stream("/dev/log"); internal(); file("/proc/kmsg");};
source net { udp(); };

egy ideig mysqlbe is nyomtam, de tul sok az adat, iszonyat meretu adatbazist eredmenyez:

#destination d_mysql {
#pipe("/var/run/mysql.pipe"
#template("INSERT INTO logs (host, facility, priority, level, tag, date,
#time, program, msg) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG',
#'$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n") template-escape(yes));
#};

#log { source(net); destination(d_mysql);
#};

Es igy nez ki egy bejegyzes:

destination blabla { file("/var/log/Routers/blabla/$YEAR/$MONTH/$DAY/blabla"); };
filter blabla { host("blablahostja"); };
log { source(net); filter(blabla); destination(blabla); };

Neha (igaz ritkan) elszall a syslog-ng es szarik a logra :)