- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- syslog.conf question
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-07-2011 10:47 AM
тАО04-07-2011 10:47 AM
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-07-2011 10:57 AM
тАО04-07-2011 10:57 AM
Re: syslog.conf question
*.* @10.11.12.13
where 10.11.12.13 is your syslog server's IP address.
Regarding where this log will be placed on the remote server, is not something you can control from the client side. It needs to be handled on the remote log server. I have never needed to create a log server on my own. Hence I can not comment how. I was always asked (mostly for security purposes) to send the syslog to this black-box, but it should not be too bad. Most linux flavors nowadays come with remote log reception capability by default.
UNIX because I majored in cryptology...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-07-2011 11:10 AM
тАО04-07-2011 11:10 AM
Re: syslog.conf question
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-07-2011 11:29 AM
тАО04-07-2011 11:29 AM
Re: syslog.conf question
schedule this to run every minute or 5 minutes or 10 according to your desire from cron. It is not the live update as remote syslog server option is, but a close second to that.
if your server doesn't have rsync, you can download it from hpux software porting archive over the internet. Just google it.
UNIX because I majored in cryptology...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-07-2011 11:32 AM
тАО04-07-2011 11:32 AM
Re: syslog.conf question
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-07-2011 12:37 PM
тАО04-07-2011 12:37 PM
Re: syslog.conf question
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-07-2011 01:24 PM
тАО04-07-2011 01:24 PM
SolutionIf you're setting up a dedicated log server, it might be worthwhile to install an advanced syslog daemon (syslog-ng or rsyslog) to the log server. Most advanced syslog daemons can be configured to listen for incoming remote syslog messages only, so the syslog server's own local logging can remain unaffected, if you wish.
Advanced syslog daemons also include a more flexible configuration language: this will allow you to store log messages to different files based on which server sent it, and (at least in the case of rsyslog) even to automatically create the log file if it doesn't already exist. For the standard syslog daemon, you'll have to create the logfile first before the syslog daemon can start writing to it.
You can also filter log messages by regular expressions: if some application produces messages that are recognizable using a regexp, this will give you an easy way to file those messages to a separate file, even if the application cannot use a custom syslog facility.
If you want to get really fancy, you can set your advanced syslog daemon to output the messages to a table in a database. Sure, it's more work to set it up that way, but once you have your logs in a database, indexed by e.g. time, hostname, syslog priority, facility and/or process name, you'll have the full power of the database to help you analyze the mass of logs. For example, you can easily calculate the amount of log messages per day sent by each host. You would expect this to stay about the same if nothing is changed: for example, if some host suddenly starts to log 10x the amount it normally does, it might be worthwhile to check it out, even if the messages are not strictly errors.
(We implemented this kind of setup: after a week or so, we caught a file transfer script that was stuck in infinite loop, transferring the same file over and over because someone had left an incorrectly-named file to the transfer directory.)
Or you could use database triggers to alert you when a version number included in a particular type of log message indicates one of your hosts has a version of sendmail or sshd that has serious known bugs.
Many of these things are possible with shell scripting too; but using a database allows non-trivial searches and makes everything much easier and faster.
There are even free Web GUIs for browsing such log databases available: you don't have to learn SQL to use your log database effectively.
MK
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-07-2011 03:19 PM
тАО04-07-2011 03:19 PM
Re: syslog.conf question
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-27-2011 01:00 PM
тАО04-27-2011 01:00 PM