Gentoo Forums
syslog-ng server?
freke
l33t
Joined: 23 Jan 2003
Posts: 963
Location: Somewhere in Denmark
Posted: Mon Apr 09, 2018 7:30 pm    Post subject: syslog-ng server?

I've traditionally been running metalog on my 3 small headless servers (i.e. bind/dhcp/mail) - I was thinking of running a centralized logserver on one of them and it seems syslog-ng would be the way to go then?

Is there any favored wiki/guide to follow to set that up?
And how is the output compared to metalog?

And are/can the logs be combined; i.e. I have most 'mail-stuff' logged from one server - but spam-handling will be done on a separate server - could that be combined into a single logfile for easily following the flow of a mail throughout the system? (Are lines then in any way prefixed with the server they are originating from?)

Tia
freke
ct85711
Veteran
Joined: 27 Sep 2005
Posts: 1791
Posted: Tue Apr 10, 2018 12:20 am

I can't really say if syslog-ng is better than metalog, as I don't have any experience with that. However, I did set up remote logging before, but sadly I don't have my configs from when I did it nor another Gentoo system to set it up again. I do recall it wasn't really too difficult to set up; and for me all the logs were combined together as if it was done locally. The main thing you need to do is modify the rules so that it includes the source machine.

I'll see if I can set up another Linux machine and try setting up the remote logging again.
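A collector configuration of the kind discussed above (one combined mail log with each line prefixed by the originating host), as an added example that is not part of the original thread or any poster's config. The version line, the address 192.0.2.10, the paths under /var/log/remote and the names s_remote, s_local, f_mail, d_mail_all, d_per_host and d_loghost are assumptions.

```conf
@version: 3.13
# Assumption: set the version line above to the installed syslog-ng version.

options {
    # yes = trust the hostname inside each received message (sender-controlled);
    # no  = syslog-ng sets ${HOST} from the address the message arrived from.
    keep-hostname(yes);
    # Validate hostname characters, since ${HOST} is used in a file path below.
    check-hostname(yes);
    create-dirs(yes);
};

# Collector side. Plain TCP syslog is neither authenticated nor encrypted, so
# bind to the internal address only (192.0.2.10 is a placeholder) and firewall
# the port to the sending servers.
source s_remote {
    network(ip("192.0.2.10") port(514) transport("tcp"));
};

filter f_mail { facility(mail); };

# One combined file for mail-facility messages from every sender; each line
# carries the originating host so a mail can be followed across servers.
destination d_mail_all {
    file("/var/log/remote/mail-combined.log"
         template("${ISODATE} ${HOST} ${MSGHDR}${MESSAGE}\n"));
};

# All received messages, split into one directory per sending host.
destination d_per_host {
    file("/var/log/remote/${HOST}/messages.log");
};

log { source(s_remote); filter(f_mail); destination(d_mail_all); };
log { source(s_remote); destination(d_per_host); };

# Sender side: these two lines go in each client's own syslog-ng.conf, where
# s_local stands for that client's existing local source.
# destination d_loghost { network("192.0.2.10" port(514) transport("tcp")); };
# log { source(s_local); destination(d_loghost); };
```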
bbgermany
Veteran
Joined: 21 Feb 2005
Posts: 1844
Location: Oranienburg/Germany
Posted: Tue Apr 10, 2018 5:04 am

Hi,

Maybe this helps you get syslog-ng up as a collector. I haven't tried this, coz I'm doing this with rsyslog.

https://www.techrepublic.com/article/how-to-use-syslog-ng-to-collect-logs-from-remote-linux-machines/

greets, bb
freke
l33t
Joined: 23 Jan 2003
Posts: 963
Location: Somewhere in Denmark
Posted: Tue Apr 10, 2018 4:22 pm

Thx - looking into the guide, and seems like I'm able to gather logs remotely now :D

Now off to create some filters it seems - to mimic my metalog-setup.

ct85711:
Not saying syslog-ng is better than metalog either (I've always used metalog) - it's just that metalog doesn't support remote logging as I understand it.

--
Instantly in love with syslog-ng - currently fooling around with https://papertrailapp.com - love it :D
ct85711
Veteran
Joined: 27 Sep 2005
Posts: 1791
Posted: Wed Apr 11, 2018 12:47 am

From looking at metalog, I am not sure how much I like that package. For me, the biggest thing that would bug me is that there is very little documentation for it. Looking at it more closely, what I saw in the forum for it (I assume it is the main forum on sf, but it may not be) is a lack of communication for multiple years. Even looking at the source code history, there have been 2 or 3 code merges recently (on allowing remote logging using UDP). Beyond that, there was one that was a change to the man file. The catch is, beyond that, no activity since like 2012 or 2013. Either way, I'd be concerned that the devs more or less gave up on it, as they haven't even been improving the documentation and the community around that package isn't even communicating in their forum (I could have gone to the wrong place for their forums).
Ant P.
Watchman
Joined: 18 Apr 2009
Posts: 6920
Posted: Wed Apr 11, 2018 1:25 am

A bit of fun trivia about metalog: it really really doesn't like running in foreground without a stdout to write its debug spam to. It'll try anyway, and then block forever once its internal buffer backs up... and then every other program on the system that tries to call syslog() will block too. It usually takes a while for the write buffer to fill up so it fails a random amount of time after boot.

It's tolerable software, as long as you don't try to do anything interesting with it. Deserves to be abandoned in an early 2000s museum for sure.