The configuration is quite simple:
- [srv] prepare a machine to do the log server
- [srv] open it's rsyslogd to receive messages on UDP (or TCP) port
- [srv] log the selected facility.level to a log file
- [cli] forward the above facility.level to @srv
- only 8 facilities for users custom log (local0-local7)
- only 8 levels for logs severity
rsyslog is quite flexible and it allows you to filter messages based on the tag in them, and log in different files, but it's still something very "home-made" and not that professional.
I don't we're the only one needing a remote logging tool, and while syslog is the classic solution, is very bind to the system logs and not to the applications logs: any suggestions for this task? I'd like to hear how you solved this task, possibly without a custom tool, but using something standard.
5 comments:
Assuming you want to keep your logging servers on the same network as the web servers, try mod_log_spread.
Could you use non standard port ?
@Ivan: thanks for the suggestion: we'll look into it for apache log. Sadly, it's only for apache (while we might also considering logging other/custom services).
@Antoine: sure, we can use any port (if not already reserved) we need: it's just for logging inside the datacenter lan.
Scribe?
@Justin: oh god, scribe is damn cool! it's just a bit difficult to compile (we use also non-debian systems) but it seems to be exactly what we need. Thanks a lot for this suggestion.
Post a Comment