[MVLUG] RSYSLOG discussion

Beryl Snyder lineman60 at gmail.com
Mon Mar 14 20:48:51 MDT 2011


On Mon, Mar 14, 2011 at 2:27 PM, Joe Pfeiffer <joseph at pfeifferfamily.net>wrote:

> Jonathan Lindsey writes:
> >Howdy All,
> >I wanted to start a discussion on the list about Centralized Logging.
> >
> >Many of us work in multi computer environments, and we all know that
> >centralizing your administration is almost always a good thing.  So with
> >that being said, let's talk about centralized logging.
> >
> >I personally/professionally use rsyslog to dump my syslog information
> >into a mysql database.  Then most of the other computers send their
> >syslog info to that rsyslog server.  The problem with this is what
> >happens after the data get's stored.  Usually I just ignore the data,
> >which is not a good thing.  Lately I've been needing to get data out of
> >this information, such as Access Control List logs and what not.  I have
> >been writing some custom PHP scripts that access that information, on a
> >custom administration page that I'm writing as I go.
> >
> >Do you manage your systems with centralized logging?
>
> I don't -- but then,  I'm only working on four machines.
>
> >If so, what back-end server/services do you use?
> >
> >What kind of data do you look for within your logs?
>
> cron runs logcheck on all my machines hourly.  It runs a set of regular
> expressions to search for anomalies, and if it spots any it emails
> them to me.
>
> The main things I look for are upcoming hardware failures, and (for
> the machine that is occasionally exposed to the outside) login failures.
> --
> It's time to try defying gravity
>
> _______________________________________________
> MVLUG-list mailing list
> MVLUG-list at mvlug.org
> http://lists.fastwave.biz/mailman/listinfo/mvlug-list
>
> I have a syslog-ng server up. I am sure i could make it more effective but
it works GE. (Good Enough)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mvlug.org/pipermail/mvlug/attachments/20110314/7158435f/attachment.html>


More information about the MVLUG mailing list