[MVLUG] RSYSLOG discussion
lineman60 at gmail.com
Mon Mar 14 20:48:51 MDT 2011
On Mon, Mar 14, 2011 at 2:27 PM, Joe Pfeiffer <joseph at pfeifferfamily.net> wrote:
> Jonathan Lindsey writes:
> >Howdy All,
> >I wanted to start a discussion on the list about Centralized Logging.
> >Many of us work in multi-computer environments, and we all know that
> >centralizing your administration is almost always a good thing. So with
> >that being said, let's talk about centralized logging.
> >I personally/professionally use rsyslog to dump my syslog information
> >into a mysql database. Then most of the other computers send their
> >syslog info to that rsyslog server. The problem with this is what
> >happens after the data gets stored. Usually I just ignore the data,
> >which is not a good thing. Lately I've been needing to get data out of
> >this information, such as Access Control List logs and what not. I have
> >been writing some custom PHP scripts that access that information, on a
> >custom administration page that I'm writing as I go.
> >Do you manage your systems with centralized logging?
> I don't -- but then, I'm only working on four machines.
> >If so, what back-end server/services do you use?
> >What kind of data do you look for within your logs?
> cron runs logcheck on all my machines hourly. It runs a set of regular
> expressions to search for anomalies, and if it spots any it emails
> them to me.
> The main things I look for are upcoming hardware failures, and (for
> the machine that is occasionally exposed to the outside) login failures.
> It's time to try defying gravity
I have a syslog-ng server up. I am sure I could make it more effective, but
it works GE (Good Enough).
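
The kind of check discussed in this thread (regular expressions run over logs collected from several hosts, reporting login failures and signs of failing hardware) can be sketched as follows. This is an added example, not part of the original messages and not logcheck's own code; the log lines, hostnames and patterns are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample of what a central syslog server might collect
# (hostnames, addresses and messages are made up for this example).
SAMPLE_LOG = """\
Mar 14 20:01:02 web1 sshd[2211]: Failed password for invalid user admin from 192.0.2.10 port 50122 ssh2
Mar 14 20:01:05 web1 sshd[2211]: Failed password for root from 192.0.2.10 port 50123 ssh2
Mar 14 20:02:00 web1 CRON[2300]: (root) CMD (run-parts /etc/cron.hourly)
Mar 14 20:03:17 db1 kernel: ata1.00: failed command: READ FPDMA QUEUED
Mar 14 20:03:40 db1 smartd[801]: Device: /dev/sda, 8 Currently unreadable (pending) sectors
Mar 14 20:04:10 mail1 sshd[911]: Accepted publickey for joe from 198.51.100.7 port 40022 ssh2
Mar 14 20:05:00 mail1 ntpd[455]: time reset +1.204 s
"""

# Traditional syslog line: timestamp, host, tag[pid]:, message.
LINE_RE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) (\S+) ([^\s:\[]+)(?:\[\d+\])?: (.*)$")

# Routine lines matching IGNORE are dropped; everything else is reported,
# sorted into a category where a rule matches. All patterns are assumptions.
IGNORE = [re.compile(r"^\(\w+\) CMD \("), re.compile(r"^Accepted publickey for ")]
RULES = {
    "login-failure": re.compile(r"Failed password for (?:invalid user )?\S+ from \S+"),
    "hardware": re.compile(r"failed command|unreadable \(pending\) sectors|I/O error"),
}

def scan(text):
    """Return {category: {host: [message, ...]}} for lines that need attention."""
    report = defaultdict(lambda: defaultdict(list))
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            report["unparsed"]["-"].append(line)  # never silently drop a line
            continue
        _, host, _, msg = m.groups()
        if any(p.search(msg) for p in IGNORE):
            continue
        hits = [c for c, p in RULES.items() if p.search(msg)] or ["other"]
        for category in hits:
            report[category][host].append(msg)
    return {cat: dict(hosts) for cat, hosts in report.items()}

if __name__ == "__main__":
    for category, hosts in scan(SAMPLE_LOG).items():
        for host, msgs in hosts.items():
            print(f"{category} {host}: {len(msgs)} line(s)")
```

Grouping by host is what makes this useful on a central log server: the report shows which machine produced each category of event, and anything not explicitly ignored still surfaces under "other".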