logging server

Peter A. Castro yellowdog-general@lists.terrasoftsolutions.com
Fri Nov 22 15:31:01 2002


On Fri, 22 Nov 2002, Jonathan Smith wrote:

> Has anybody managed to set up a logging server using syslogd and 
> yellowdog?  We've got several Portmaster 3's that send information to a 
> logging server.  Unfortunately that server is slowly dying.  I'd like 
> to replace it with a machine running yellowdog but I'm not having a lot 
> of luck w/ syslogd.
> 
> I've got 1 PM3 pointing to the new log server and I have syslogd 
> starting with the "-r" flag on the new logging server.  However nothing 
> is appearing in any of the logs on that machine.  There's an entry for 
> syslogd in /etc/services.  I think it may be a problem in the 
> syslog.conf file but I can't find information on how to set up a logging 
> server.

Let's be clear on this: your new log server is the one with syslogd
started with the "-r" option, not the PM3 (ie: the client).  A man of
syslogd tells you that "-r" is needed on the log server to receive log
messages.  The clients should run syslogd without any special options
(unless you're running a log repeater, but that's not what you're doing
here).  The client's syslog.conf should have entries directing things to
your log server.  Eg:

*.info;mail.none;authpriv.none;cron.none	@logserver.yourdomain.com
authpriv.*	@logserver.yourdomain.com
mail.*		@logserver.yourdomain.com
user.*		@logserver.yourdomain.com
auth.*		@logserver.yourdomain.com
local7.*	@logserver.yourdomain.com

etc...
(note those are TAB characters, not spaces separating the log facility
mask from the remote hostname).

To test, you can use logger to generate a log entry.  Eg:

$ logger -i -p local7.debug "hello"

You should see an entry in your /var/log/boot.log on the log server
tagged with the client's hostname:

Nov 22 14:20:42 PM3 root[11805]: hello

Something else to note: Your syslog.conf example below appears to have
real spaces between the facility mask and the log file paths.  These must
be TABs only, not spaces.  syslog's config file format requires this.
So, for example, replace all spaces with TABs between "mail.*" and
"/var/log/maillog". 

Once you make changes to your syslog.conf's, restart syslogd (with the
correct options :)

> Thanks for any help.   I'm including my syslog.conf file below - I 
> added the section labeled "auth and user - pm3" in an attempt to get 
> logging working.
> 
> # Log all kernel messages to the console.
> # Logging much else clutters up the screen.
> #kern.*                                                 /dev/console
> 
> # Log anything (except mail) of level info or higher.
> # Don't log private authentication messages!
> *.info;mail.none;authpriv.none;cron.none                /var/log/messages
> 
> # The authpriv file has restricted access.
> authpriv.*                                              /var/log/secure
> 
> # Log all the mail messages in one place.
> mail.*                                                  /var/log/maillog
> 
> # auth and user - pm3
> user.*                                                  /var/log/user.log
> auth.*                                                  /var/log/auth.log
> 
> # Log cron stuff
> cron.*                                                  /var/log/cron
> 
> # Everybody gets emergency messages
> *.emerg                                                 *
> 
> # Save news errors of level crit and higher in a special file.
> uucp,news.crit                                          /var/log/spooler
> 
> # Save boot messages also to boot.log
> local7.*                                                /var/log/boot.log

-- 
Peter A. Castro <doctor@fruitbat.org> or <Peter.Castro@oracle.com>
	"Cats are just autistic Dogs" -- Dr. Tony Attwood
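
A small checker for the TAB-separator rule described in the reply above, as an added example that is not part of the original message: it flags syslog.conf rules whose selector and action are separated by spaces (or that lost their action to line wrapping) and lists which selectors are forwarded to a remote @host. The function name and the sample config are constructed for illustration.

```python
import re

# Constructed sample: a TAB-separated forwarding rule, a rule that uses
# spaces (the mistake described in the reply), a rule with mixed
# space+TAB whitespace, and a correct TAB-separated local rule.
SAMPLE_CONF = (
    "# forward to the log server\n"
    "local7.*\t@logserver.yourdomain.com\n"
    "mail.*                  /var/log/maillog\n"
    "auth.* \t/var/log/auth.log\n"
    "*.emerg\t\t*\n"
)

# selector, then whitespace, then a non-empty action, all on one line
RULE = re.compile(r"^(?P<selector>\S+)(?P<sep>[ \t]+)(?P<action>\S.*)$")

def lint_syslog_conf(text):
    """Check syslog.conf text against the TAB-only separator rule.

    Returns (findings, remotes):
      findings: [(line_number, message)] for rules that break the rule
      remotes:  [(line_number, selector, host)] for '@host' actions
    """
    findings, remotes = [], []
    for n, line in enumerate(text.splitlines(), start=1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank line or comment
        m = RULE.match(line)
        if m is None:
            findings.append((n, "not a selector<TAB>action rule (wrapped line?)"))
            continue
        if " " in m.group("sep"):
            findings.append((n, "spaces between selector and action, use TABs"))
        action = m.group("action").strip()
        if action.startswith("@"):
            remotes.append((n, m.group("selector"), action[1:]))
    return findings, remotes

if __name__ == "__main__":
    findings, remotes = lint_syslog_conf(SAMPLE_CONF)
    for n, msg in findings:
        print(f"line {n}: {msg}")
    for n, selector, host in remotes:
        print(f"line {n}: {selector} forwarded to {host}")
```

Run it against the syslog.conf on both the clients and the log server before restarting syslogd; the remote list shows at a glance whether facilities such as authpriv are actually being forwarded.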