Re: syslog log collaboration

From: Papapanagiotoy Theofilos (theofpa_at_otenet.gr)
Date: 07/30/03

    Date: Wed, 30 Jul 2003 10:14:18 +0000
    To: subscribe@kringstad.net
    
    

    Glenn English wrote:

    >>On Tue, 2003-07-29 at 03:12, subscribe wrote:
    >
    >>>>1. I'm not sure which syslog daemon to choose: syslogd or syslog-ng.
    >>>> Any comments?
    >>
    >>
    I would recommend msyslogd (modular syslogd). I really like its modules, supporting mysql, regular expressions, etc. Currently, my centralized syslog has reached 873 MB in database, logging from 34 hosts (win, linux, solaris, with many services running on the machines) for about 2 months. The average of collecting syslog messages is 70.000 per day.

    >>
    >>syslogd. Start it with the -r switch to have it listen on port 413, UDP.
    >
    >
    syslog:~# grep syslog /etc/services
    syslog 514/udp

    >>>>2. I have to make the syslog daemon secure so that only the hosts I
    >>>>chose can connect.
    >>>> Is there any whitepapers or recommendations on how to do this?
    >>
    >>
    >>
    >>
    >>On Linux, use iptables or ipchains as a packet filter.
    >>
    >
    >
    >>>>3. I need to have a good syslog analyzer to do the logs, report on email
    >>>>or web.
    >>>> What is the best tool for this?
    >>
    >>
    >>
    >>
    >>logwatch does a pretty good job. It's bundled with most Linux distros.
    >
    >
    logwatch is great, but for windows machines/services logs, you have to write your own shell (or better perl) scripts. A php interface connecting to mysql and selecting logs using various parameters could be useful for your sysadmins.

    Papapanagiotoy Theofilos
    theofpa@otenet.gr
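
One way to apply the packet-filter advice in this thread to question 2, as an added example that is not part of the original message: a script that validates an allow-list of log senders and prints (does not apply) iptables rules admitting only those hosts to the syslog port. The port comes from the `/etc/services` line quoted above; the chain name `SYSLOG_IN`, the log prefix and the sender addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: print iptables rules that admit only chosen senders to syslog.
# 514/udp is taken from the /etc/services line in the post. The chain name and
# the sample addresses (RFC 5737 documentation ranges) are constructed.
SYSLOG_PORT=514

# Succeeds only for a dotted-quad IPv4 address with an optional /0-32 prefix,
# so nothing but an address can reach the generated command lines.
valid_source() {
    addr=${1%%/*}
    case $1 in
        */*) prefix=${1#*/} ;;
        *)   prefix=32 ;;
    esac
    case $prefix in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case $addr in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Emit rules for a dedicated chain: accept listed senders, then log
# (rate-limited) and drop every other packet aimed at the syslog port.
syslog_rules() {
    [ $# -gt 0 ] || { echo "no sources given" >&2; return 1; }
    for src in "$@"; do
        valid_source "$src" || { echo "invalid source: $src" >&2; return 1; }
    done
    echo "iptables -N SYSLOG_IN"
    for src in "$@"; do
        echo "iptables -A SYSLOG_IN -s $src -j ACCEPT"
    done
    echo "iptables -A SYSLOG_IN -m limit --limit 6/min -j LOG --log-prefix \"syslog-denied: \""
    echo "iptables -A SYSLOG_IN -j DROP"
    echo "iptables -I INPUT -p udp --dport $SYSLOG_PORT -j SYSLOG_IN"
}

# Constructed sample senders; review the output before running it as root.
syslog_rules 192.0.2.10 192.0.2.11 198.51.100.0/28
```

UDP source addresses can be spoofed, so these rules limit who can reach the collector but do not authenticate the senders.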
