[SOLVED] Syslog-ng,+ rsyslog + logrotation "Need some good configuration example"

pantdk · 11-28-2011, 08:14 PM

Hi All,

Actually i am surfing net for the gd doc or link for log server

based on rsyslog or syslog-ng + log-rotation i found some but
that's confusing so if some one have doc or linke PLZ share

acid_kewpie · 11-29-2011, 02:24 AM

sharing examples by itself is no use. what do you actually need to achieve, and what specific issues are you facing?

pantdk · 11-29-2011, 07:30 AM

Hi Chris,

"thanks for reply"
i have to configure a centralized log-server for my 10server "client server". so my need is that i didn't change anything at "configuration" on "client server" side.All configuration has be done at log-server end & that is happen through ssh i think so.in log-server i have 500GB space for the logs.the client server all log came at log-server according to their host-name & with their categorization "messages kernel debug" etc & also i want that through logrotation i want to define the size,backup etc, after one month older bk deleted.
so as of now i found that syslog-ng & rsyslog is a good option for that, now i just found a link for rsyslog & current i am working on it.

agentbuzz · 12-01-2011, 03:41 PM

On your syslog host, here are the lines that must exist in syslog.conf in order to enable reception of messages over UDP.

Code:

[host]# grep -A 2 Provides.UDP /etc/rsyslog.conf
# Provides UDP syslog reception
$ModLoad imudp.so
$UDPServerRun 514

Also in syslog.conf on the syslog server, you should specify the facility, severity, and log location for messages from the client hosts as follows. This is done so that you will have a single source of messages from client hosts to look through, instead of having the clients' messages mixed in with those sent by the local host

Code:

# Other Hosts logs
local6.*                                  /var/log/yourhosts/syslog.log

Your /etc/logrotate.d/syslog should be changed on the syslog host to look like the following. This ensures that the hosts' logs are properly rotated and compressed, and that enough historical log data is retained for forensic purposes.

Code:

/var/log/messages /var/log/secure /var/log/maillog /var/log/spooler /var/log/boot.log /var/log/cron /var/log/yourhosts/syslog.log {
    daily
    missingok
    rotate 26
    compress
    sharedscripts
    postrotate
        /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
    Endscript	}

pantdk · 12-01-2011, 04:45 PM

Hi agentbuzz,
Thanks for support
i am looking for the tools which organized my client server logs in a particular LOG-Server so I try syslog-ng & that work correctly right now

pantdk · 12-02-2011, 03:24 AM

Hi

Now i have made a syslog-ng server which works perfectly