Linux Today: Linux News On Internet Time.

More on LinuxToday

Building A Central Loghost On CentOS And RHEL 5 With rsyslog

Jan 19, 2011, 20:34 (1 Talkback[s])


Re-Imagining Linux Platforms to Meet the Needs of Cloud Service Providers

[ Thanks to Falko Timme for this link. ]

"Gathering log messages is important. In a lot of situations you'll want to store all entries of logfiles on another server. If a server crashes or gets hacked you want to be able to browse through logfiles from this machine and you want to be sure these log files are not altered in any way. This can be accomplished using a central logserver that receives messages from all other hosts. A syslog facility can receive messages from UNIX and Linux hosts but also network devices and certainly Windows hosts. Such a syslog host should make these logfiles available to auditors and sysops using a read-only interface or they should not be available to anyone until an incident occurs.

"Technically the difference is in how you store the messages:
- in plain text on a filesystem
- in an sql database with a web-interface

"This howto describes rsyslog putting log messages in one file per day per remote host. Rsyslog is the current standard in RHEL6 and available as a package in the current package streams in RHEL 5.5 (and CentOS 5.5). Setting up rsyslog is pretty simple. It all comes down to a single config file but (there is always a but) every setting needs some planning."

Complete Story

Related Stories: