Monday, March 3, 2008

Log Server using Syslog

Log Server Setup

Allow remote machines to Log

# vi /etc/sysconfig/syslog
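Replaced
SYSLOGD_OPTIONS="-m 0"
with
SYSLOGD_OPTIONS="-rm 0"
The -r option makes syslogd accept messages from the network. It listens on UDP port 514 and takes messages from any host that can reach it, so restrict access to that port to the client machines.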

Set Up Log Rotation Policy
# vi /etc/logrotate.conf
daily
# keep 7 days worth of backlogs
rotate 7
# create new (empty) log files after rotating old ones
create
# uncomment this if you want your log files compressed
compress
# RPM packages drop log rotation information into this directory
include /etc/logrotate.d
# no packages own wtmp -- we'll rotate them here
/var/log/wtmp {
    monthly
    create 0664 root utmp
    rotate 1
}

Customize Log types and log destination

# vi /etc/syslog.conf
local7.* /var/log/apache_error_log
local1.info /var/log/apache_access_log

Restart syslogd for the changes to take effect

# /etc/init.d/syslog restart

Client Configurations

1. RHEL5

# vi /etc/syslog.conf
*.* @192.168.0.111

Restart Syslog
# /etc/init.d/syslog restart

Log files replicated
All logs handled by the syslog daemon, for example:
messages
audit/audit.log
boot.log
cron.log
secure

2. OpenBSD
# vi /etc/syslog.conf
*.* @192.168.0.111
# reboot

In the server's /etc/syslog.conf, added the following
auth.info /var/log/OpenBSD_authlog
daemon.info /var/log/OpenBSD_daemon

# /etc/init.d/syslog restart

Log files replicated
authlog
messages
daemon

3. OpenSolaris
# vi /etc/syslog.conf
*.* @192.168.0.111
# reboot

Log files: /var/svc/log

Redirection of Apache logs to Syslog and thereby to Centralized Log Server

Customize ErrorLog and CustomLog of Apache
# vi /usr/local/apache/conf/httpd.conf
ErrorLog syslog
CustomLog "|/usr/bin/logger -p local1.info" common

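Define local log files and log server (ErrorLog syslog uses the local7 facility by default, which is why the error log rule selects local7.*)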
# vi /etc/syslog.conf
*.* @192.168.0.111
local7.* /var/log/apache_error_log
local1.info /var/log/apache_access_log
Restart services
# /etc/init.d/syslog restart
# /usr/local/apache/bin/apachectl restart
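
The following is an added example, not part of the original post. It models how the server-side selectors listed above (local7.*, local1.info, auth.info, daemon.info) choose a destination file from the <PRI> field of a forwarded message. The message layout is simplified (timestamp and hostname omitted) and the sample messages are constructed.

```python
import re

# Facility and severity codes from the syslog protocol (RFC 3164).
FACILITY = {"kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4,
            "syslog": 5, "lpr": 6, "news": 7, "uucp": 8, "cron": 9,
            "authpriv": 10, **{f"local{i}": 16 + i for i in range(8)}}
SEVERITY = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
            "warning": 4, "notice": 5, "info": 6, "debug": 7}

# Server-side rules copied from the /etc/syslog.conf lines in this post.
SERVER_RULES = [
    ("local7.*", "/var/log/apache_error_log"),
    ("local1.info", "/var/log/apache_access_log"),
    ("auth.info", "/var/log/OpenBSD_authlog"),
    ("daemon.info", "/var/log/OpenBSD_daemon"),
]

def encode(facility, severity, tag, text):
    """Build a simplified datagram as forwarded to UDP port 514."""
    pri = FACILITY[facility] * 8 + SEVERITY[severity]
    return f"<{pri}>{tag}: {text}".encode()

def decode_pri(datagram):
    """Return (facility, severity) names from the leading <PRI> field."""
    m = re.match(rb"<(\d{1,3})>", datagram)
    if not m or int(m.group(1)) > 191:
        raise ValueError("missing or invalid PRI")
    fac, sev = divmod(int(m.group(1)), 8)
    names_f = {v: k for k, v in FACILITY.items()}
    names_s = {v: k for k, v in SEVERITY.items()}
    return names_f.get(fac, str(fac)), names_s[sev]  # unlisted facility -> number

def destinations(datagram, rules=SERVER_RULES):
    """Files that match: 'fac.pri' selects that priority and anything more severe."""
    fac, sev = decode_pri(datagram)
    hits = []
    for selector, path in rules:
        r_fac, r_pri = selector.split(".")
        if r_fac in ("*", fac) and (r_pri == "*" or SEVERITY[sev] <= SEVERITY[r_pri]):
            hits.append(path)
    return hits

if __name__ == "__main__":
    # Constructed sample messages, not captured traffic.
    for fac, sev in [("local1", "info"), ("local1", "debug"), ("local7", "err"), ("auth", "notice")]:
        pkt = encode(fac, sev, "demo", "test message")
        print(pkt, "->", destinations(pkt) or "no rule from this post matches")
```

The selectors match on facility and priority only, so an auth message from any client that forwards *.* matches the auth.info rule, and a local1.debug message is forwarded by the client but matches none of the rules shown in this post.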

References: devshed.com, apache.org
