Difference between revisions of "Archive:Log host"

From Tardis
(Note recent changes.)
Line 13: Line 13:
 
=== Firewall logging ===
 
=== Firewall logging ===
  
The one exception to the above is the firewall, which generates its own log emails.  Currently this uses [http://packages.debian.org/logcheck logcheck] for the syslog entries and [http://packages.debian.org/fwlogwatch fwlogwatch] for firewall reports.
+
The one exception to the above is the firewall, which generates its own log emails.  Currently this uses [http://www.tardis.ed.ac.uk/~bacam/logprocessing/ bacam's piperlog] for the syslog entries and [http://packages.debian.org/fwlogwatch fwlogwatch] for firewall reports.
  
 
[[category:services]]
 
[[category:services]]
 
[[category:infrastructure]]
 
[[category:infrastructure]]
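
Review bot: the rewritten firewall sentence swaps logcheck for bacam's piperlog but gives no pointer to where ignore patterns for the firewall's syslog summaries are maintained now; a short clause saying so would save the next sysman a search. The edit summary "(Note recent changes.)" would also be more useful in the page history if it named the change, for example "firewall syslog summaries now use piperlog".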

Revision as of 11:29, 30 November 2007

Most Tardis Linux machines are set to send log messages to the log host (currently piper) for easy consultation and to provide log summary emails. The summary emails are compiled by bacam's piperlog (previously they were produced by logcheck), and boring messages can be ignored by adding new patterns to the local-* files in /etc/logcheck/ignore.d.server. The summary emails are sent to the sysmans-logs alias. Separate emails covering mail are produced by pflogsumm and sent to postfix-logs.

To make syslog send logs to the log host, put

*.*     @loghost

into /etc/syslog.conf.

To get syslog to accept remote logs, you need to edit /etc/init.d/sysklogd.
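
An added example (not from the Tardis wiki) that checks both halves of this setup: that a client's syslog.conf forwards `*.*` to the log host, and that the log host's init script starts syslogd so that it accepts remote logs. It assumes the init-script edit means putting sysklogd's `-r` option on an uncommented `SYSLOGD=` line; the function names and sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit both halves of the log-host setup.
# Assumption: the init-script edit means adding sysklogd's -r (receive from
# network) option to an uncommented SYSLOGD= line.

# forward_targets FILE: print "selector host" for every active @host rule.
forward_targets() {
    awk '
        /\\$/ { sub(/\\$/, ""); buf = buf $0; next }   # join continued lines
        { $0 = buf $0; buf = "" }
        /^[ \t]*(#|$)/ { next }                         # comments and blanks
        $NF ~ /^@./ { print $1, substr($NF, 2) }
    ' "$1"
}

# forwards_everything FILE HOST: succeed only if "*.*" is sent to HOST.
forwards_everything() {
    forward_targets "$1" |
        awk -v h="$2" '$1 == "*.*" && $2 == h { ok = 1 } END { exit !ok }'
}

# accepts_remote FILE: succeed if an uncommented SYSLOGD= line carries -r.
accepts_remote() {
    grep -Eq '^[[:space:]]*SYSLOGD="?([^#"]*[[:space:]])?-r([[:space:]"]|$)' "$1"
}

# Constructed sample files so the check runs offline.
tmp=$(mktemp -d)
cat > "$tmp/syslog.conf" <<'EOF'
auth,authpriv.*     /var/log/auth.log
#*.*     @oldhost
*.*     @loghost
EOF
cat > "$tmp/sysklogd" <<'EOF'
# For remote UDP logging use SYSLOGD="-r"
SYSLOGD=""
EOF

if forwards_everything "$tmp/syslog.conf" loghost; then
    echo "client: all facilities forwarded to loghost"
fi
if ! accepts_remote "$tmp/sysklogd"; then
    echo "log host: syslogd not started with -r, remote logs are not accepted"
fi
rm -rf "$tmp"
```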

To receive hourly log summaries by email, add yourself to the sysmans-logs and root aliases in /etc/aliases on mccoy, and remember to run 'newaliases' when you're done. The altlogs alias was introduced when the piperlog script was first tried out, but now receives the same logs as sysmans-logs.

Firewall logging

The one exception to the above is the firewall, which generates its own log emails. Currently this uses bacam's piperlog for the syslog entries and fwlogwatch for firewall reports.