Making log server

mw_9 · ‎06-17-2003

Hi all
Can I make log server which all client messages are logged separately

One condition is given

1.
Messeges from all clients must be logged by client's name each at log server

any tips are helpful

add up

Stuart Browne · ‎06-17-2003

When yous ay 'log', I take it you mean that you want 'syslog' to send the events to be logged to a given server?

So you've got your client PC's logging events like:

kern.* @othermachine

(as detailed in 'man syslog.conf').

You'll also have to make 'syslogd' listen for incoming requests. According to 'man syslogd', the flag you need is '-r'.

Depending on what distribution you are using depends on how to best eanble this feature however.

The simplest way is to modify the startup routine in /etc/rc.d/*/*syslogd (adding the -r flag to the startup routines), however if you are using a RedHat system, you can just modify the line "SYSLOGD_OPTIONS" in "/etc/sysconfig/syslog".

Have fun.

One long-haired git at your service...

U.SivaKumar_2 · ‎06-17-2003

Hi,

I found syslog-ng is the right candidate for this purporse when I was experimenting on distributed IDS architectures and centralized logging system.

syslog-ng is capable of filtering the incoming syslog data from the syslog clients and decide the destination file depending on the client hostname.

I have some example on it's filtering configuration on syslog-ng central log server,

filter f_client1{ host("client1"); };
filter f_client2 { host("client2"); };

destination client1 { file /var/log/client1; };
destination client2 { file /var/log/client2; };

now the syslog messages from client1 will logged to /var/log/client1 and client2 will be logged to /var/log/client2

regards,

U.SivaKumar

Innovations are made when conventions are broken

mw_9 · ‎06-18-2003

Does 'syslog-ng' you said some kind of utilities linux has?

can you give more details about?

add up

U.SivaKumar_2 · ‎06-18-2003

Please check these links for more information.

http://www.balabit.com/products/syslog_ng/reference/book1.html

http://www.campin.net/syslog-ng/faq.html

you can download the free software GPL licensed here

http://www.balabit.com/downloads/syslog-ng/

regards,

U.SivaKumar

Innovations are made when conventions are broken

mw_9 · ‎06-19-2003

Dose syslog-ng have to be installed each clients that I wanted to log ?

add up

U.SivaKumar_2 · ‎06-19-2003

Not neccesary.

Only the central log server which you choose should have syslog-ng installed. Disable normal syslogd in this server.

#ntsysv

syslog-ng should be listening for incoming syslog messages.

regards,

U.SivaKumar

Innovations are made when conventions are broken

U.SivaKumar_2 · ‎06-19-2003

Not neccesary.

Only the central log server which you choose should have syslog-ng installed. Disable normal syslogd in this server.

#ntsysv

syslog-ng should be listening for incoming syslog messages.

On all other client edit /etc/syslogd.conf and put this single line if you want to log everything to the central log server.

*.* @log.mydomain.com

regards,

U.SivaKumar

Innovations are made when conventions are broken

Paddy_1 · ‎06-19-2003

watch out for this product if security is a requirement.

http://coombs.anu.edu.au/~avalon/nsyslog.html

The sufficiency of my merit is to know that my merit is NOT sufficient

mw_9 · ‎06-19-2003

what did I wrong?
see that attached file

add up

Making log server

Making log server

Re: Making log server

Re: Making log server

Re: Making log server

Re: Making log server

Re: Making log server

Re: Making log server

Re: Making log server

Re: Making log server

Re: Making log server

Hewlett Packard Enterprise International