Syslogging as rehab
by seeder • 20th September 2006 • post
Finally, after I finished my stash of CSI episodes, I was able to do some good.
First thing after the break, my attention was caught by my logging system.
I have a few devices on my network which can log messages to a log server. So I set up this kind of server on my local Ubuntu server; a simple modification of the start-up script made syslog accept external log messages and voilà, the system is logging. But after some time I was unable to read my logs: all around was some crap from my phone telling me that it had registered again with some server, and the only navigation possible was with grep -v .50 to just not see messages from that device. I got tired, and as librenix was showing a link to a howto for using syslog-ng as a central server … I followed it.
Actually, before starting with syslog-ng I tried whether metalog could do it for me … but no, it does not sport any networking (a pity, as I quite like it on my laptop). After a short meeting with metalog I installed syslog-ng.
Easy, very easy to be honest. A simple edit to /etc/syslog-ng/syslog-ng.conf, adding:
source s_net { udp(); };
destination d_remote_logs { file("/var/log/$FULLHOST/$YEAR-$MONTH.log"); };
log { source(s_net); destination(d_remote_logs); };
Restart syslog-ng and it works.
There is no log rotation, so I might change the destination to something more stable like /var/log/remote/$HOST.log and add the known hosts' logs to logrotate … leave that for later.
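A variant of the configuration above that sends the noisy phone to its own file instead of hiding it with grep, and writes to the stable /var/log/remote/$HOST.log path. This is an added example, not the author's configuration; 192.0.2.10 (the log server's LAN address), 192.0.2.50 (the phone) and the phone.log file name are placeholders chosen for illustration.

```conf
# Added example, not the post's own config.
# 192.0.2.10 = placeholder for the log server's LAN address
# 192.0.2.50 = placeholder for the noisy phone

source s_net {
    udp(
        # Listen on the LAN address only, not on every interface.
        ip("192.0.2.10") port(514)
        # Take the host name from the sender's source address rather
        # than from the hostname field inside the packet, and skip
        # DNS lookups so $HOST is simply the sender's IP.
        keep_hostname(no)
        use_dns(no)
    );
};

# Matches on the source address of the incoming packet.
filter f_phone { netmask("192.0.2.50/32"); };

# The phone's registration chatter goes to one file (assumed name).
destination d_phone {
    file("/var/log/remote/phone.log" perm(0640));
};

# One file per sender in a fixed directory, so the file names are
# predictable and a single logrotate glob can cover them.
destination d_remote_logs {
    file("/var/log/remote/$HOST.log"
         create_dirs(yes) perm(0640) dir_perm(0750));
};

# Log paths are evaluated in the order they appear. flags(final)
# stops processing for messages that matched, so the phone's lines
# never reach the per-host files below.
log { source(s_net); filter(f_phone); destination(d_phone); flags(final); };
log { source(s_net); destination(d_remote_logs); };
```

With the file names fixed like this, a logrotate entry for /var/log/remote/*.log covers every sender, and syslog-ng has to be told to reopen its files after each rotation.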