Delao, Darryl W said:
> Anyone have a good recommendation for a syslog server to handle logs from
> a cisco router, pix firewall and apache and other system logs?

syslog-ng I think is probably the best bet.

my sample configuration:

# Global options.  long_hostnames(off) keeps the short host name in the
# header; sync(0) disables write buffering (each line hits disk as it
# arrives, so a crash loses less — at some I/O cost); mark(3600) emits a
# MARK line every hour so a silent log can be told apart from a dead
# collector.
# NOTE(review): nothing here constrains the hostname taken from remote
# messages (see the $HOST destination below); check_hostname(yes), where
# the installed version supports it, rejects odd characters — confirm
# before enabling.
options {
    long_hostnames(off);
    sync(0);
    mark(3600);
};
# Collector input: remote syslog on UDP/514 bound to 10.10.10.3 (what the
# router and PIX send), plus this host's own messages (syslog-ng's
# internal(), the /dev/log socket and the FreeBSD kernel log /dev/klog —
# drop the latter on Linux, as the note below says).
# NOTE(review): UDP syslog carries no authentication and the source
# address is not verified, so any peer that can reach 10.10.10.3:514 can
# add lines to these files; limit the port to the known senders at the
# packet filter and treat remote lines as claims, not proof.
source s_remote {
    udp(ip(10.10.10.3) port(514));
    internal();
    unix-dgram("/dev/log");
    file("/dev/klog");
};


# Filters.  program() keys on the syslog tag, host() on the host name of
# the message, match() is an unanchored regular expression over the
# message text.  None of these are mutually exclusive, so one message can
# satisfy several filters and be written to several files.

# Catch-all (every priority) — feeds the per-host messages.$HOST files.
filter f_hosts    { level(debug..emerg); };

# Per-program filters.
filter f_mail     { program(postfix) or program(sendmail)
                    or program(exim) or program(sm-mta); };
filter f_vpn      { program(vpnd) or program(vtun) or program(stunnel)
                    or host(cis-vpn.*); };
filter f_kern     { program(kernel); };
filter f_lp       { program(lpd) or program(lpr); };
filter f_ssh      { program(sshd) or program(sshd2); };
# Every su message that mentions root, successful or not — the "good" in
# the name is not enforced by the filter; only the PAM filter below is
# restricted to failures.
filter f_sugood   { program(su) and match(root); };
filter f_pamsubad { program(PAM_unix) and match(root) and match(failure); };
filter f_cron     { program(cron) or program(anacron); };
filter f_proxy    { program(squid); };
filter f_inetd    { program(xinetd) or program(inetd); };
filter f_named    { program(named); };
filter f_pop3     { program(pop3d); };
filter f_imap4    { program(imapd); };
filter f_ftp      { program(ftpd) or program(proftpd); };
filter f_database { program(slapd) or program(mysql); };
filter f_ups      { program(upsd) or program(upsmon); };

# Text-match filters.  These look at message content, not priority:
# match(crit) also fires on words like "critical" at any level and misses
# a crit-priority message whose text lacks the substring.  If severity is
# what is meant, level(crit..emerg) expresses that — left unchanged here.
filter f_restart  { match(restart); };
filter f_critical { match(crit); };
filter f_denied   { match(denied); };
filter f_mark     { match(MARK); };

# Host-based filters.  For remote UDP messages the host name is whatever
# the peer sent (or resolves to — depends on keep_hostname/use_dns, which
# are not set here), so these sort by claimed origin, not verified origin.
filter f_switch   { host(cis3548.*) or host(summit.*); };
filter f_printers { host(bambam) or host(pebbles); };

# Destinations: one flat file per category under /var/log-ng.  The
# directory has to exist and be writable by the syslog-ng process; a
# destination is shared by every log path that names it.
destination d_mail     { file("/var/log-ng/mail.log"); };
destination d_vpn      { file("/var/log-ng/vpn.log"); };
destination d_kern     { file("/var/log-ng/kernel.log"); };
destination d_lp       { file("/var/log-ng/lpr.log"); };
destination d_ssh      { file("/var/log-ng/ssh.log"); };
destination d_sugood   { file("/var/log-ng/su-good.log"); };
destination d_pamsubad { file("/var/log-ng/su-bad.log"); };
destination d_cron     { file("/var/log-ng/cron.log"); };
destination d_proxy    { file("/var/log-ng/proxy.log"); };
destination d_inetd    { file("/var/log-ng/inetd.log"); };
destination d_restart  { file("/var/log-ng/restart.log"); };
destination d_critical { file("/var/log-ng/crit.log"); };
destination d_named    { file("/var/log-ng/named.log"); };
destination d_pop3     { file("/var/log-ng/pop3.log"); };
destination d_imap4    { file("/var/log-ng/imap4.log"); };
destination d_denied   { file("/var/log-ng/denied.log"); };
destination d_mark     { file("/var/log-ng/mark.log"); };
destination d_ftp      { file("/var/log-ng/ftp.log"); };
destination d_switch   { file("/var/log-ng/switch.log"); };
destination d_database { file("/var/log-ng/database.log"); };
destination d_printers { file("/var/log-ng/printers.log"); };
destination d_ups      { file("/var/log-ng/ups.log"); };

# Per-host file.  The name is expanded from each message's $HOST macro;
# for the UDP source that value is derived from the remote packet (header
# host name or sender address, depending on keep_hostname/use_dns, which
# are not set here), so it is not under the collector's control.
# NOTE(review): check_hostname(yes) in options, where available, keeps a
# malformed host name from producing an unexpected file name — confirm.
destination d_hostmsg  { file("/var/log-ng/messages.$HOST"); };

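# Log paths: every path reads from s_remote.  No path uses flags(final),
# so a message is written to every destination whose filter it satisfies
# (an sshd line lands in ssh.log and in messages.$HOST, for example).
log { source(s_remote); filter(f_mail);     destination(d_mail); };
log { source(s_remote); filter(f_vpn);      destination(d_vpn); };
log { source(s_remote); filter(f_kern);     destination(d_kern); };
log { source(s_remote); filter(f_lp);       destination(d_lp); };
log { source(s_remote); filter(f_ssh);      destination(d_ssh); };
log { source(s_remote); filter(f_sugood);   destination(d_sugood); };
log { source(s_remote); filter(f_pamsubad); destination(d_pamsubad); };
log { source(s_remote); filter(f_cron);     destination(d_cron); };
log { source(s_remote); filter(f_proxy);    destination(d_proxy); };
log { source(s_remote); filter(f_inetd);    destination(d_inetd); };
log { source(s_remote); filter(f_restart);  destination(d_restart); };
log { source(s_remote); filter(f_critical); destination(d_critical); };
# Catch-all: everything, split into one file per sending host.
log { source(s_remote); filter(f_hosts);    destination(d_hostmsg); };
# Leftover from another setup: s_streams is not defined in this file, so
# this stays commented out.
#log { source(s_streams); filter(f_hosts); destination(d_hostmsg); };
log { source(s_remote); filter(f_named);    destination(d_named); };
log { source(s_remote); filter(f_pop3);     destination(d_pop3); };
log { source(s_remote); filter(f_imap4);    destination(d_imap4); };
log { source(s_remote); filter(f_denied);   destination(d_denied); };
# Fix: the f_mark path appeared twice, which wrote every MARK line to
# mark.log twice (and doubled the hourly timestamps logcheck sees).
log { source(s_remote); filter(f_mark);     destination(d_mark); };
log { source(s_remote); filter(f_switch);   destination(d_switch); };
log { source(s_remote); filter(f_database); destination(d_database); };
log { source(s_remote); filter(f_printers); destination(d_printers); };
log { source(s_remote); filter(f_ups);      destination(d_ups); };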


my syslog-ng runs on freebsd, so the very top reference to /dev/klog can
be taken out if your syslog-ng host is linux.

this, in combination with logcheck & logrotate, is a great log setup for me.

nate





-- 
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list
