Community
General
cancel
turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Making log server

SOLVED
Go to solution
Topic Options
mw_9
mw_9
Occasional Advisor

‎06-17-2003 07:51 PM

‎06-17-2003 07:51 PM

Making log server

Hi all
Can I make log server which all client messages are logged separately

One condition is given

1.
Messeges from all clients must be logged by client's name each at log server

any tips are helpful
add up
0 Kudos
Reply
12 REPLIES
Stuart Browne
Stuart Browne
Honored Contributor

‎06-17-2003 08:12 PM

‎06-17-2003 08:12 PM

Re: Making log server

When yous ay 'log', I take it you mean that you want 'syslog' to send the events to be logged to a given server?

So you've got your client PC's logging events like:

kern.* @othermachine

(as detailed in 'man syslog.conf').

You'll also have to make 'syslogd' listen for incoming requests. According to 'man syslogd', the flag you need is '-r'.

Depending on what distribution you are using depends on how to best eanble this feature however.

The simplest way is to modify the startup routine in /etc/rc.d/*/*syslogd (adding the -r flag to the startup routines), however if you are using a RedHat system, you can just modify the line "SYSLOGD_OPTIONS" in "/etc/sysconfig/syslog".

Have fun.
One long-haired git at your service...
0 Kudos
Reply
U.SivaKumar_2
U.SivaKumar_2
Honored Contributor

‎06-17-2003 09:18 PM

‎06-17-2003 09:18 PM

Solution

Re: Making log server

Hi,

I found syslog-ng is the right candidate for this purporse when I was experimenting on distributed IDS architectures and centralized logging system.

syslog-ng is capable of filtering the incoming syslog data from the syslog clients and decide the destination file depending on the client hostname.

I have some example on it's filtering configuration on syslog-ng central log server,

filter f_client1{ host("client1"); };
filter f_client2 { host("client2"); };

destination client1 { file /var/log/client1; };
destination client2 { file /var/log/client2; };

now the syslog messages from client1 will logged to /var/log/client1 and client2 will be logged to /var/log/client2

regards,

U.SivaKumar








Innovations are made when conventions are broken
Reply
mw_9
mw_9
Occasional Advisor

‎06-18-2003 01:24 AM

‎06-18-2003 01:24 AM

Re: Making log server

Does 'syslog-ng' you said some kind of utilities linux has?

can you give more details about?
add up
0 Kudos
Reply
U.SivaKumar_2
U.SivaKumar_2
Honored Contributor

‎06-18-2003 03:31 AM

‎06-18-2003 03:31 AM

Re: Making log server

Please check these links for more information.

http://www.balabit.com/products/syslog_ng/reference/book1.html

http://www.campin.net/syslog-ng/faq.html

you can download the free software GPL licensed here

http://www.balabit.com/downloads/syslog-ng/

regards,

U.SivaKumar


Innovations are made when conventions are broken
0 Kudos
Reply
mw_9
mw_9
Occasional Advisor

‎06-19-2003 12:30 AM

‎06-19-2003 12:30 AM

Re: Making log server

Dose syslog-ng have to be installed each clients that I wanted to log ?
add up
0 Kudos
Reply
U.SivaKumar_2
U.SivaKumar_2
Honored Contributor

‎06-19-2003 02:30 AM

‎06-19-2003 02:30 AM

Re: Making log server

Not neccesary.

Only the central log server which you choose should have syslog-ng installed. Disable normal syslogd in this server.

#ntsysv

syslog-ng should be listening for incoming syslog messages.

regards,

U.SivaKumar




Innovations are made when conventions are broken
0 Kudos
Reply
U.SivaKumar_2
U.SivaKumar_2
Honored Contributor

‎06-19-2003 02:31 AM

‎06-19-2003 02:31 AM

Re: Making log server

Not neccesary.

Only the central log server which you choose should have syslog-ng installed. Disable normal syslogd in this server.

#ntsysv

syslog-ng should be listening for incoming syslog messages.

On all other client edit /etc/syslogd.conf and put this single line if you want to log everything to the central log server.

*.* @log.mydomain.com

regards,

U.SivaKumar




Innovations are made when conventions are broken
0 Kudos
Reply
Paddy_1
Paddy_1
Valued Contributor

‎06-19-2003 01:24 PM

‎06-19-2003 01:24 PM

Re: Making log server

watch out for this product if security is a requirement.

http://coombs.anu.edu.au/~avalon/nsyslog.html
The sufficiency of my merit is to know that my merit is NOT sufficient
0 Kudos
Reply
mw_9
mw_9
Occasional Advisor

‎06-19-2003 06:10 PM

‎06-19-2003 06:10 PM

Re: Making log server

what did I wrong?
see that attached file
add up
0 Kudos
Reply
mw_9
mw_9
Occasional Advisor

‎06-20-2003 12:03 AM

‎06-20-2003 12:03 AM

Re: Making log server

I can't generate client's named file.
what's wrong?
Messeges from all clients are logging default messages file.

what's wrong?
add up
0 Kudos
Reply
mw_9
mw_9
Occasional Advisor

‎06-20-2003 07:09 PM

‎06-20-2003 07:09 PM

Re: Making log server

thank you all your replies..
Thanks..
add up
0 Kudos
Reply
U.SivaKumar_2
U.SivaKumar_2
Honored Contributor

‎06-20-2003 07:47 PM

‎06-20-2003 07:47 PM

Re: Making log server

hi ,

is your problem solved ?.

regards,

U.SivaKumar
Innovations are made when conventions are broken
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.