How to monitor logs the from remote server to my local server

kenam08 · 07-30-2015, 10:56 PM

Hi guys im just new to linux and i wanted to monitor the running logs of the remote server from my local server on which if it hangs or there is an error it will send me an email notification.

what is the most effective way to do this? i tried rsync but this will redownload the logs and could not monitor it real time. below is my script but its somehow not working.

Code:

#!/bin/bash
index=0;
function Mailer
{
	reciever=email@administrator.com
	subject="ERROR. Server Hanged"
	
	mail -s "$subject" $reciever <<< "$message"
}

echo "[START TEST]"
echo "-----------------------------------------------"
echo "Connecting..."
for StringLine in $(ssh root@host "cat /path/filename")
do
	echo "  $StringLine"
	if [[ $StringLine =~ "ERROR" ]];then
		
		echo "Found: $StringLine"
		message="$StringLine"
		
		LogReports[ $index ]=$message
		((index++))
	fi

	if [[ $StringLine =~ "java.net.SocketTimeoutException" ]]; then
		
		echo "Found: $StringLine"
		message="$StringLine"
		
		LogReports[ $index ]=$message
		((index++))
	fi

done

Mailer $LogReports[$index]

echo "done!"
echo "-----------------------------------------------"
echo "[END TEST]"

someone please help me

thank you

kenam08 · 07-31-2015, 02:25 AM

up can anyone help me?

unSpawn · 07-31-2015, 02:32 AM

Quote:

Originally Posted by kenam08

Hi guys im just new to linux

Please read generic Linux user, admin and security documentation because you will want to familiarize yourself with what you run.

Quote:

Originally Posted by kenam08

Code:

for StringLine in $(ssh root@host "cat /path/filename")

Please adhere to SSH Best Practices and don't use root to log in over networks, always use unprivileged users plus pubkey auth and protect the SSH service with white listing, fail2ban or equivalent.

Quote:

Originally Posted by kenam08

and i wanted to monitor the running logs of the remote server from my local server on which if it hangs or there is an error it will send me an email notification. what is the most effective way to do this? i tried rsync but this will redownload the logs and could not monitor it real time. below is my script but its somehow not working.

Regardless of server problems monitoring is a must, especially for production machines. Depending on requirements install both local tools (SAR, atop, psacct) to gather system resource statistics (+Monit or equivalent for alerting and possible restart services?) and remote tools like Nagios, Monit, Zabbix or an equivalent for monitoring and alerting purposes. If you're allowed to do so you could have that services on that machine send their logs to syslog and then have syslog copy those logs to a remote syslog server. The latter could be your development machine or workstation so you can tail and grep there as you like without disturbing the production environment.

kenam08 · 07-31-2015, 03:29 AM

Quote:

Originally Posted by unSpawn

Please read generic Linux user, admin and security documentation because you will want to familiarize yourself with what you run.

Please adhere to SSH Best Practices and don't use root to log in over networks, always use unprivileged users plus pubkey auth and protect the SSH service with white listing, fail2ban or equivalent.

Regardless of server problems monitoring is a must, especially for production machines. Depending on requirements install both local tools (SAR, atop, psacct) to gather system resource statistics (+Monit or equivalent for alerting and possible restart services?) and remote tools like Nagios, Monit, Zabbix or an equivalent for monitoring and alerting purposes. If you're allowed to do so you could have that services on that machine send their logs to syslog and then have syslog copy those logs to a remote syslog server. The latter could be your development machine or workstation so you can tail and grep there as you like without disturbing the production environment.

Hi Thank you for answering my questions. but i am not allowed to install any services on the server. the logs that i want to monitor is the ones that the java application continuously writes..

unSpawn · 08-02-2015, 04:51 AM

Quote:

Originally Posted by kenam08

(..) i am not allowed to install any services on the server. the logs that i want to monitor is the ones that the java application continuously writes..

That is nfo you should have incorporated in your original post: the more precise, factual nfo you spill the better we can tailor advice. So you can access the machine as root but you're not allowed to install services. OK. Then, depending on your approach, there's at leat two things you can do: ask the responsible admins to install software for you or ask them if additional (temporary?) configuration is OK.

If we focus on the java application log there's four things you can do: if it's the applications init script that writes the log file then (temporarily) make it use a log file you don't need root privileges for to read or use log4j and send it to a log file you don't need root privileges for to read or to a remote syslog server. If file locations can't be altered then Rsyslogd (or Syslog-NG) will "import" from any log file and export to any log file or (remote) destination. *Note this requires a little bit of testing and reconfiguration. Also note remote syslog by default uses UDP/514 which is an unprotected plain text stream. Assess if you need to encapsulate it using RELP, VPN or Stunnel or equivalent.

**Also this illustrates that while a reply of "i am not allowed to do X" is a valid answer it does not help us help you. So please be precise, complete and constructive and supply whatever you actually are allowed.

kenam08 · 08-02-2015, 09:32 PM

Quote:

Originally Posted by unSpawn

That is nfo you should have incorporated in your original post: the more precise, factual nfo you spill the better we can tailor advice. So you can access the machine as root but you're not allowed to install services. OK. Then, depending on your approach, there's at leat two things you can do: ask the responsible admins to install software for you or ask them if additional (temporary?) configuration is OK.

If we focus on the java application log there's four things you can do: if it's the applications init script that writes the log file then (temporarily) make it use a log file you don't need root privileges for to read or use log4j and send it to a log file you don't need root privileges for to read or to a remote syslog server. If file locations can't be altered then Rsyslogd (or Syslog-NG) will "import" from any log file and export to any log file or (remote) destination. *Note this requires a little bit of testing and reconfiguration. Also note remote syslog by default uses UDP/514 which is an unprotected plain text stream. Assess if you need to encapsulate it using RELP, VPN or Stunnel or equivalent.

**Also this illustrates that while a reply of "i am not allowed to do X" is a valid answer it does not help us help you. So please be precise, complete and constructive and supply whatever you actually are allowed.

Hi thanks for your answer sorry i kinda summarize everything without telling the things that is allowed. ok im gonna clear this out.

i am not allowed to install anything on the live server. but i am allowed to modify somefiles that will not affect the application being run in the server and he fears that we might run into trouble since he's also not that familiar with it.
my boss wants me to make a script that would monitor the logs from a remote server, thats why i have posted a script/code on my first post.there is already a script to read the logs and to trap the errors. the problem that im facing right now is that i am downloading the logs realtime and im using rsync to just syncing the logs but it keeps on asking me password even if i have created a ssh key and copied it to the remote server. how am i going to tell rsync to use this ssh key? can you provide me a sample command?