How many logs/second can usually be handled by syslog servers? By syslog servers, I am referring to rsyslog, syslog-ng, splunk etc. The intent of the question is to find out at what logs/second rate the OS (Linux kernel >=3.0) becomes bottle-neck.
So far, I am able to forward about 10,000 logs/sec using UDP. If I increase the rate, logs start getting dropped.
Hello,
My issue here is that rsyslog seems to be dropping data. I first installed Debian 5 on an old HP ProLiant server that has 1GB of RAM and 1TB of storage in an old-ass disk array. While the server is old it is not THAT old and runs all tasks fine. I pushed my firewall traffic logs plus some Windows server event logs to this server.
Due to compliance issues, there is a need to store all tomcat logs for at least 6 months on a central server.
Is there a way to send the logs to an rsyslog server, or any other mechanism that will accomplish the task?
I have just setup a Graylog2 server and I am looking to send all logs from my main server to the graylog server.
Hi,
I am using syslog Facility6 for the logs generated by an application. I have appended the following line in the /etc/syslog.conf
local6.* /var/log/app.log
And my application logs are successfully getting created in /var/log/app.log.
On our server we have (or you should have) tons of logs generated: logs from various daemons (ssh, iptables, monit, fail2ban), services (apache, nginx, bind, ftp, etc.) and system logs (syslog, messages, kernel).
So I'm sure that every day you check these logs and look if something bad has happened, right?
I have a central log server that all my servers send their logs to. Every so often several of the servers stop sending their logs to the main server. If I restart syslog on the client I get the logger shutting down messages, and then it starts sending messages again.
Any idea where to begin debugging? Also, the central log server runs rsyslog and most of the clients run syslog.
Hi all,
Currently I'm having a syslog server that consolidates firewall logs on port 514 UDP.
I'm also having an IDS device that I wish to push its logs to this particular syslog server so that I can retrieve my IDS logs on this server as well.
Is it possible to do so? Having syslog listening on port 514 for both firewall and IDS logs?
Below is my nginx.conf:
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
#