Peter Kiem said:
> Hi Nate,

hello!

> Actually I meant whatever he was using to parse the logs could filter the
> logs on the server name "column" in the system log.
> I can see where splitting them would be very useful though.

syslog-ng automatically splits them according to hostname as far as I know. I go further and filter according to service/type, e.g.

mail.log
vpn.log
database.log
su.log
pop3.log
imap4.log
switch.log
printer.log

> I guess only the logserver is what you need to look at anyway and it saves
> space on the remote servers.

yeah, and when you got a buncha servers it really cuts down on work to be able to view logs from 20 systems at once, esp. with logcheck.

> What if the logserver is down? Do the logs get kept until the logserver
> is available again or are they lost completely?

with the normal syslog I think logs are lost completely. but if you use syslog-ng on the client as well as the server I think you can specify multiple destinations (haven't tried this myself). my syslog server doesn't go down often. I only started using syslog-ng on a couple client machines recently.

> I am thinking mostly of systems in my DMZ to a logserver inside my private
> lan space to keep them more secure.
> Hadn't thought of the other machines in the big bad Internet that I look
> after as well. Hmmmmm....

I meant "DMZ" as well. before, I would set up a dedicated syslog server for outside the firewall, since my attempts to forward 514/UDP to the syslog server seemed to be unsuccessful, perhaps because the machine doing the forwarding (linux box) was listening on UDP/514 (for some reason syslogd listens on UDP/514 when logging to a remote system even without using the -r option). Not certain though. for internet machines you could use stunnel or ssh to tunnel the logs back through the firewall from a remote site, if you're paranoid (like me), or just do plain TCP.

my home network is only about 9 systems so I'm limited in resources (mostly limited by the lack of additional power, wish I had a dedicated 20amp circuit in my apt!!). I also configured bind to log everything to syslog as well so it gets archived and checked. I have logrotate set to keep 6 months of logs. so far, 230MB of compressed logs since I deployed my home syslog server in september '02 ..wow, it's been nearly 6 months already..

nate
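
Added example, not part of the original post: one way to write the setup discussed above in syslog-ng configuration, with per-host and per-service files on the log server and a client that logs to two destinations. The paths, the statement names (`s_remote`, `d_per_host`, and so on) and the address `192.0.2.10` are assumptions chosen for illustration.

```conf
# ---- log server (constructed example; paths and names are assumptions) ----
# Recent syslog-ng releases also want an "@version: X.Y" line at the top of
# the file; it is left out because the post does not state a version.
options { create_dirs(yes); keep_hostname(yes); };

# Accept messages from clients on 514 over UDP and TCP.
source s_remote {
    udp(ip(0.0.0.0) port(514));
    tcp(ip(0.0.0.0) port(514));
};

# One directory per sending host, via the $HOST macro.
destination d_per_host { file("/var/log/remote/$HOST/all.log"); };

# Per-service files, named as in the post.
filter f_mail { facility(mail); };
filter f_su   { program("^su$"); };   # anchored so "sudo" does not match
destination d_mail { file("/var/log/remote/mail.log"); };
destination d_su   { file("/var/log/remote/su.log"); };

log { source(s_remote); destination(d_per_host); };
log { source(s_remote); filter(f_mail); destination(d_mail); };
log { source(s_remote); filter(f_su);   destination(d_su); };

# ---- client (separate file on each sending machine) ----
source s_local { unix-stream("/dev/log"); internal(); };

# 192.0.2.10 is a placeholder for the log server's address.
destination d_loghost { tcp("192.0.2.10" port(514)); };
destination d_local   { file("/var/log/messages"); };

# Two destinations in one log statement: every message goes to the
# log server and is also written to a local file.
log { source(s_local); destination(d_loghost); destination(d_local); };
```

With the second destination in place, the client still has its own copy of anything logged while the log server was unreachable.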