LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   looking for syslog program (https://www.linuxquestions.org/questions/linux-newbie-8/looking-for-syslog-program-815732/)

tonj 06-22-2010 02:13 PM

looking for syslog program
 
I'm running a cobalt raq550 web server (Linux version 2.6) and I want to install a syslog program on it, something that could log messages and send me an instant email in response to certain messages it receives. Is there such a program? Thanks for any help.

TB0ne 06-22-2010 04:08 PM

Quote:

Originally Posted by tonj (Post 4011762)
I'm running a cobalt raq550 web server (Linux version 2.6) and I want to install a syslog program on it, something that could log messages and send me an instant email in response to certain messages it receives. Is there such a program? Thanks for any help.

If it's running a real version of Linux, you've already got syslog installed. If not, you can install syslog-ng. That will log the messages.

Then, you can either use logwatch, or write your own script to look for patterns in file(s), and email you. You obviously need a mail server that can route/direct emails too. If you've already got an email server for your enterprise, and it's set to relay messages, a VERY basic sendmail/postfix installation is all you need. Point it to your existing mail server.

tonj 06-22-2010 04:43 PM

ok thanks, I took a peep into etc/init.d and there I saw syslog (red faced). So I suppose I do already have it. Now I have to work out how to use it. The raq550 is a command line beast so any further pointers would be appreciated.

TB0ne 06-22-2010 05:49 PM

Quote:

Originally Posted by tonj (Post 4011947)
ok thanks, I took a peep into etc/init.d and there I saw syslog (red faced). So I suppose I do already have it. Now I have to work out how to use it. The raq550 is a command line beast so any further pointers would be appreciated.

Well, you should be able to look into the syslog.conf file, and see where it's writing things. Once you find the locations, setting up logwatch is simple (tell it what files to monitor, and what to look for).

Sendmail/postfix setup should be easy too. Once installed, just set up the smarthost parameter, to point to your existing mail server. That way, logwatch (or your own program), can use the mail (or mailx) utility from the command line to send messages.

tonj 06-22-2010 06:11 PM

wow I actually managed to get it working. The messages are coming from my cisco router and they are being saved in a log file on the linux server. Just brilliant. One snag is that I've configured syslog.conf to save the log file to a location on the samba network so I can access it directly from a windows computer. Problem is the log file is generated with owner permissions only so I can't open or view it. Is there any way to configure the syslog program so it creates a log file with no restrictions on it?

TB0ne 06-22-2010 06:26 PM

Quote:

Originally Posted by tonj (Post 4012000)
wow I actually managed to get it working. The messages are coming from my cisco router and they are being saved in a log file on the linux server. Just brilliant. One snag is that I've configured syslog.conf to save the log file to a location on the samba network so I can access it directly from a windows computer. Problem is the log file is generated with owner permissions only so I can't open or view it. Is there any way to configure the syslog program so it creates a log file with no restrictions on it?

Probably not. Syslog files are created with tight permissions, so that users who do something nasty, won't be able to cover their tracks. You CAN try to change permissions on the file, but chances are the syslog program will whine about it. Try stopping syslog, doing (as root) "chmod 644 <logfile name>". That should let everyone READ the file at least, and syslog may let that go when it restarts. Never tried it, so I don't know.

marafa 06-23-2010 01:19 AM

with regards to the permissions you could try chmod on the target log file and then to maintain the permissions you could research your system's logrotate settings for that file


All times are GMT -5. The time now is 10:05 PM.