Log management
Seth Vidal
skvidal at fedoraproject.org
Tue Jan 12 15:09:44 UTC 2010
On Tue, 12 Jan 2010, Maxim Burgerhout wrote:
> custom ones as time goes by and the need arises.
>
> Is building a central logserver an option at all, btw?
>
> We could also use the 'swatch' program Ray mentioned or something like
> it to receive alerts and then epylog / lire / something else to
> generate the daily reports.
>

In a former life here is what I did:

syslog-ng to make sets of logs merged into common locations using the same
format/structure of /var/log on any system.

so I had:
/var/log/profiles/webservers/....
/var/log/profiles/appservers/....
/var/log/profiles/mxes/...
etc etc

Then I used epylog to generate html output of each of the above every day
so we could sift them properly.

And I used sec:
http://simple-evcorr.sourceforge.net/
to do on-the-fly event notification. When something specific came into
syslog-ng it would spawn an sec job which would send alerts using nrpe to
nagios.

I can probably obtain those configs if they would be handy.
-sv
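
The routing idea in the message above, sketched in Python as an added example (not the poster's syslog-ng or sec configuration): each incoming line is mapped to `/var/log/profiles/<profile>/<file>` and checked against an alert pattern. The hostname prefixes, the Red Hat style facility-to-file mapping, the `unclassified` and `unparsed` catch-alls and the alert rule are all assumptions made for illustration.

```python
import re
from pathlib import PurePosixPath

BASE = PurePosixPath("/var/log/profiles")  # layout named in the message
# Assumption: hostname prefixes identify the profile (hypothetical naming scheme).
PROFILES = [(re.compile(r"^web\d+"), "webservers"),
            (re.compile(r"^app\d+"), "appservers"),
            (re.compile(r"^mx\d+"), "mxes")]
# Assumption: Red Hat style defaults (authpriv -> secure, mail -> maillog, cron -> cron).
FACILITY_FILE = {10: "secure", 2: "maillog", 9: "cron"}
# Hypothetical alert rule, standing in for an sec pattern.
ALERTS = [(re.compile(r"Failed password for invalid user (\S+) from (\S+)"),
           "ssh-invalid-user")]
LINE = re.compile(r"^<(\d{1,3})>(\w{3} [ \d]\d \d\d:\d\d:\d\d) (\S+) (.*)$")

def route(raw):
    """Return (destination path or None, alert name or None) for one RFC 3164 line."""
    m = LINE.match(raw)
    if not m or int(m.group(1)) > 191:       # 191 is the highest valid PRI
        return BASE / "unparsed" / "messages", None
    pri, host, msg = int(m.group(1)), m.group(3), m.group(4)
    facility, severity = divmod(pri, 8)      # PRI = facility * 8 + severity
    # Profile and file name come from fixed tables, never from the wire,
    # so a forged hostname cannot steer a write outside BASE.
    profile = next((p for rx, p in PROFILES if rx.match(host)), "unclassified")
    if facility in FACILITY_FILE:
        fname = FACILITY_FILE[facility]
    elif severity <= 6:                      # info and more severe -> messages
        fname = "messages"
    else:
        fname = None                         # debug is dropped
    alert = next((name for rx, name in ALERTS if rx.search(msg)), None)
    return (BASE / profile / fname if fname else None), alert

# Constructed sample lines (not taken from any real system).
SAMPLES = [
    "<86>Jan 12 15:09:44 web01 sshd[2211]: Failed password for invalid user "
    "admin from 192.0.2.10 port 4022 ssh2",
    "<22>Jan 12 15:09:45 mx02 postfix/smtpd[901]: connect from unknown[198.51.100.7]",
    "<30>Jan 12 15:09:46 app03 myapp[77]: worker started",
    "<31>Jan 12 15:09:47 app03 myapp[77]: debug trace",
    "<13>Jan 12 15:09:48 ../../etc logger: forged hostname",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(route(line))
```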