I want centralized logs!
Update 20100310: this protocol is here.
I now have seven servers, ranging from a firewall appliance to an entry-level supercomputer. Having a single point to collect (and store) system logs could be a convenience. Here's my recipe (of course, à la Debian...).
References: http://www.aboutdebian.com/syslog.htm, man syslog
Setting up the log server
Configure the syslog server
- Tell syslogd to listen for messages from remote boxes:
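edit /etc/default/syslogd and change the row SYSLOGD="" to SYSLOGD="-r -m0" (-r makes syslogd accept messages from the network; -m0 turns off the periodic -- MARK -- lines)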
- Tell syslogd how to handle those messages:
edit /etc/syslog.conf and add rules saying where each class of message is logged. In my case I decided to set up a 'whole' log, holding emergency, alert and critical messages:
# '=' selects exactly that priority; a bare *.crit also matches alert and emerg, so those would be written more than once
*.=emerg /var/log/enterprise.log
*.=alert /var/log/enterprise.log
*.=crit /var/log/enterprise.log
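How sysklogd-style selectors route a message received from a remote box, as an added example that is not part of the original recipe: a bare priority means that level and anything more severe, '=' means exactly that level, and every matching rule writes its own copy. The rule strings and the sample datagram are constructed, the function names are hypothetical, and ';' lists and '!' negation are not handled.

```python
import re

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = (["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
               "uucp", "cron", "authpriv", "ftp"]
              + ["reserved%d" % n for n in range(12, 16)]
              + ["local%d" % n for n in range(8)])

def decode_pri(datagram):
    """Split the <PRI> prefix of a BSD-syslog datagram into (facility, severity)."""
    m = re.match(rb"<(\d{1,3})>", datagram)
    if not m or int(m.group(1)) > 191:
        raise ValueError("no valid <PRI> header")
    pri = int(m.group(1))
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7]

def selector_matches(selector, facility, severity):
    """Evaluate one facility.priority selector (no ';' lists, no '!' negation)."""
    fac, prio = selector.split(".", 1)
    if fac != "*" and facility not in fac.split(","):
        return False
    if prio == "*":
        return True
    if prio == "none":
        return False
    if prio.startswith("="):
        return severity == prio[1:]
    # Bare priority: that level and everything more severe (lower index).
    return SEVERITIES.index(severity) <= SEVERITIES.index(prio)

def destinations(rules, datagram):
    """Return one entry per matching rule; a repeated file is a repeated write."""
    facility, severity = decode_pri(datagram)
    hits = []
    for line in rules.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        selector, action = line.split(None, 1)
        if selector_matches(selector, facility, severity):
            hits.append(action)
    return hits

# Constructed inputs: three bare rules, the same rules with '=', one kern.emerg datagram.
BARE = ("*.emerg /var/log/enterprise.log\n*.alert /var/log/enterprise.log\n"
        "*.crit /var/log/enterprise.log")
EXACT = BARE.replace("*.", "*.=")
SAMPLE = b"<0>Mar 10 12:00:00 fw01 kernel: constructed test message"

if __name__ == "__main__":
    print(len(destinations(BARE, SAMPLE)), len(destinations(EXACT, SAMPLE)))
```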
Configure log rotation and archiving
* Tell the log rotation daemon what to do
* Tell cron how to store old logs on the NAS that acts as the backup server
Setting up clients