[Gllug] re-routing log files
Xander D Harkness
xander at harkness.co.uk
Mon Nov 18 03:11:33 UTC 2002
George F. Saxby wrote:
>hi,
> Just a quick question, I have a very remote box with very little disk space
>that falls over through too many log files being archived.
> Is there a way to have them sent to me here rather than on the local box
>via email ?
>
>
This is very easy to do.
In the /etc/syslog.conf file you can choose which messages you want to
send on and to where:
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages
*.info
@logserver.harkness.co.uk
Then in the file /etc/sysconfig/syslog (I am running RH) on the logserver
the SYSLOGD options are
SYSLOGD_OPTIONS="-m 0 -r"
Basically you need to start syslog with the -r flag to accept remote logs
and watch them roll in.
Note I started running the log server on an internal nameserver (it was
a box with a slow cpu) the cpu could not deal with processing the
incoming logs from about 20-30 boxes and serve up dns lookups. I may
have lost some logs. When you set ip up have a good nosey to ensure you
are capturing all traffic.
Cheers
Xander
--
Those who can, do; those who can't, simulate.
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
More information about the GLLUG
mailing list