[summary] Setting up a loghost

From: Robert Johannes (rjohanne@piper.hamline.edu)
Date: Wed Jul 28 1999 - 09:56:29 CDT

Somebody requested that I post Haniotakis' post regarding how to set up a
remote loghost, or just a loghost.

Here it goes:

        Re: Setup a loghost?
        Mon, 19 Jul 1999 18:00:41 +0300 (EET DST)
        Haniotakis Vangelis <haniotak@ucnet.uch.gr>
        Robert Johannes <rjohanne@piper.hamline.edu>

On Mon, 19 Jul 1999, Robert Johannes wrote:

> Dear sunmanagers, I'm kind of in a bind, because I can't figure out how
> to set up a loghost for a bunch of machines running Solaris 7.
> If anybody can help, I would really appreciate it a lot.

Hokay. Here's how we did it:
- Decide which messages to log from each machine to the remote loghost.
- In your /etc/syslog.conf at each machine, add lines similar to the

mail.debug @loghost.foo.bar.com

  This means that these messages (facility LOG_MAIL, priority
LOG_DEBUG or higher) will be forwarded to the remote loghost.
Do check the syslog.conf man pages for more info. The messages you
will wish to log depend heavily on your site's requirements; you
should do a study. Actually I just tossed all messages to the loghost
as it has lots of disk space, but that's just me.

- At the loghost, add the clients' hostnames in your /etc/syslog.auth
file; you might need to create the file. This allows these hosts to send
messages to the loghost's syslogd.
- At the loghost's /etc/syslog.conf file, add lines similar to the

mail.debug /var/logs/mail.log

 This will log _all_ LOG_MAIL messages from _all_ clients (including the
loghost) with LOG_DEBUG or higher priority to that file. I think the
file must be chowned root:sys for syslog to be able to log there.

 AFAIK syslogd can't tell the difference between clients, so you will
need a cron perl script or something similar to allow you to separate
the messages according to client. We do use such a site-developed script
to do better archiving of the clients' log messages. This script is
available on request, but be warned that it's slightly site-specific,
not at all feature-rich, and commented mostly in Greek at the moment.
 Of course you can just use swatch for monitoring the whole file at
once, and do more goodies as well. This is highly recommended - find
swatch, install and configure it on the loghost ASAP.

 Hope I helped.

Vangelis Haniotakis
University of Crete - UCnet
Centre of Communications and Networking
System and Network Administration 
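
The per-client separation step mentioned in the reply, sketched in Python as an added example (it is not the site-developed script from the post, which does not appear on this page). It assumes the classic `Mmm dd hh:mm:ss host message` line layout; the sample lines, the `_unparsed` bucket and all function names are constructed for illustration.

```python
import os
import re
from collections import defaultdict

# Classic syslogd file format: "Mmm dd hh:mm:ss host message" (assumed layout).
LINE_RE = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d (\S+) ")
# The host field ends up in a file name, so accept hostname characters only.
SAFE_HOST_RE = re.compile(r"^[a-z0-9][a-z0-9.-]{0,252}$")
UNPARSED = "_unparsed"  # hypothetical catch-all bucket for odd lines

# Constructed sample of a combined mail.log on the loghost.
SAMPLE = """\
Jul 19 18:00:41 mailhub sendmail[412]: SAA00412: from=<a@foo.bar.com>, size=512
Jul 19 18:00:43 ws01 sendmail[1077]: SAA01077: to=<b@foo.bar.com>, stat=Sent
Jul 19 18:00:44 ws01 last message repeated 2 times
Jul  9 03:12:00 ../../etc/cron.d/x sendmail[1]: odd host field
line without a timestamp
""".splitlines()


def bucket_for(host):
    """Map a logged host field to a safe per-client bucket name."""
    host = host.lower()
    return host if SAFE_HOST_RE.match(host) else UNPARSED


def split_by_client(lines):
    """Group syslog lines by the client named in each line's host field."""
    buckets = defaultdict(list)
    for line in lines:
        line = line.rstrip("\n")
        if line:
            m = LINE_RE.match(line)
            buckets[bucket_for(m.group(1)) if m else UNPARSED].append(line)
    return dict(buckets)


def write_buckets(buckets, outdir):
    """Append each bucket's lines to <outdir>/<bucket>.log."""
    for name, lines in buckets.items():
        with open(os.path.join(outdir, name + ".log"), "a") as fh:
            fh.write("\n".join(lines) + "\n")


if __name__ == "__main__":
    for name, lines in sorted(split_by_client(SAMPLE).items()):
        print(name, len(lines))
```

Lines whose host field is not a plain hostname land in `_unparsed.log` rather than being dropped, so they can still be reviewed on the loghost.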
