Log server

I want centralized logs!

Update 20100310: this protocol is here.

I now have seven servers, ranging from a firewall appliance to an entry-level supercomputer. Having a single point to collect (and store) system logs would be a real convenience. Here's my recipe (of course, à la Debian...).

References: http://www.aboutdebian.com/syslog.htm, man syslog

Setting up the log server

Configure the syslog server

  1. Tell syslogd to listen for messages from remote boxes:
    edit /etc/default/syslogd and change the line SYSLOGD="" to SYSLOGD="-r -m0"
  2. Tell syslogd how to handle those messages:
    edit /etc/syslog.conf and add rules saying where to log some classes of messages. In my case I decided to set up a 'whole' log holding emergency, alert and critical messages from every facility:

        *.emerg    /var/log/enterprise.log
        *.alert    /var/log/enterprise.log
        *.crit     /var/log/enterprise.log
  3. Configure log rotation and archiving

    * Tell the log rotation daemon what to do
    * Tell cron how to store old logs on the NAS acting as backup server
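The three server-side steps above, carried out by one script. This is an added example, not the page's own recipe: it writes the changed files under a scratch root (ROOT, defaulting to a directory under /tmp) so it can be run and inspected without root; ROOT=/ applies it to the live system. The logrotate policy, the reload command in its postrotate, the NAS mount point /mnt/nas/logs and the cron schedule are assumptions, not values from the page.

```shell
#!/bin/sh
# Added example, not the page's own script: applies the three server-side steps
# to copies of the Debian config files under a scratch root so it can be run and
# inspected without root.  ROOT=/ applies it to the live system.  The logrotate
# reload command, the NAS mount point /mnt/nas/logs and the cron schedule are
# assumptions, not taken from the page.
ROOT="${ROOT:-${TMPDIR:-/tmp}/syslog-demo}"

# Step 1: make syslogd accept messages from the network (-r) and drop the
# periodic "-- MARK --" lines (-m0).
enable_remote_reception() {
  f="$ROOT/etc/default/syslogd"
  mkdir -p "$(dirname "$f")"
  # constructed stand-in for the stock file when running in the scratch root
  [ -f "$f" ] || printf 'SYSLOGD=""\n' > "$f"
  sed 's/^SYSLOGD=.*/SYSLOGD="-r -m0"/' "$f" > "$f.tmp" && mv "$f.tmp" "$f"
  grep -q '^SYSLOGD="-r -m0"$' "$f"
}

# Step 2: send emerg, alert and crit messages from every facility to one file.
# In syslog.conf a priority means "this level and above", so *.crit on its own
# already covers alert and emerg; the three lines are kept as the page lists them.
add_enterprise_log_rules() {
  f="$ROOT/etc/syslog.conf"
  mkdir -p "$(dirname "$f")"
  grep -qs 'enterprise\.log' "$f" && return 0   # already present: stay idempotent
  printf '%s\t%s\n' \
    '*.emerg' '/var/log/enterprise.log' \
    '*.alert' '/var/log/enterprise.log' \
    '*.crit'  '/var/log/enterprise.log' >> "$f"
}

# Step 3a: rotation policy for the new file (logrotate drop-in, assumed policy).
write_logrotate_rule() {
  f="$ROOT/etc/logrotate.d/enterprise"
  mkdir -p "$(dirname "$f")"
  cat > "$f" <<'EOF'
/var/log/enterprise.log {
    weekly
    rotate 8
    compress
    delaycompress
    missingok
    notifempty
    create 0640 root adm
    postrotate
        invoke-rc.d sysklogd reload > /dev/null
    endscript
}
EOF
}

# Step 3b: cron job that copies the compressed rotations to the NAS.
write_archive_cron() {
  f="$ROOT/etc/cron.d/enterprise-log-archive"
  mkdir -p "$(dirname "$f")"
  cat > "$f" <<'EOF'
# Every Monday at 04:30, after the weekly rotation, push the archives to the NAS
# mounted at /mnt/nas/logs (placeholder path, adjust to the real mount).
30 4 * * 1 root cp -p /var/log/enterprise.log.*.gz /mnt/nas/logs/
EOF
}

configure_log_server() {
  enable_remote_reception && add_enterprise_log_rules &&
    write_logrotate_rule && write_archive_cron
}

configure_log_server && echo "log server configuration written under $ROOT"
```

Two things worth keeping in mind when applying it for real. First, `-r` makes syslogd accept datagrams on UDP/514 from any address, and classic syslog is unauthenticated cleartext, so restrict inbound port 514 on the log server's firewall to the addresses of your own clients, and keep the collected file readable only by root and adm (the `create 0640 root adm` line does that for each new rotation). Second, Debian's sysklogd package ships its own cron-driven rotation (/etc/cron.daily/sysklogd, driven by syslogd-listfiles) which picks up every file named in syslog.conf, so decide whether that default or the logrotate drop-in owns enterprise.log rather than letting both rotate it.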

Setting up clients