How to Create a log server on Linux-Linux Enterprise Application-Linux server application information. A task was arranged the day before yesterday to set up a log server on one server to record the logs of all servers in the current network segment, our network segment includes WWW, DNS, Mail, billing, Video, e-government, and more than a dozen servers, including Windows2000, Windows2003, Linux9, AS4, and Solaris. Because I didn't have any experience or materials in this area before, I naturally thought about collecting data on the Internet. It may be that the application in this area is not too wide, only one piece of information is found, that is, this "centralized server log management ". The full text is as follows:
----------------------
1. Create a log server to receive logs sent from the client. Use the default syslog program in Linux.
Configure the syslog program to receive logs from other servers.
To classify logs by Server ip address, you can configure the syslogd program as follows. You need to modify the/etc/syslog. conf file:
Authpriv. * |/var/log/servers/server_login.sh
This means that the system login and logout logs (including the local system login and logout logs) are stored in the/var/log/servers folder. Adding "|" before the record target indicates that the received information is handed over to the subsequent program for processing. This program can be a specialized log processing software, it can also be a small script compiled by yourself, for example:
#! /Bin/sh
Read stuff
SERVER = 'echo $ stuff | awk' {print $4 }''
Echo $ stuff>/var/log/login_log/$ SERVER. log
This simple script uses IP addresses as the basis for classification. read the log information first and use awk to retrieve the fourth field (that is, the field where the IP address or host name is located ), store logs of the host using this field as the file name. In this way, logs from 192.168.1.1 are recorded in the 192.168.1.1.log file, and logs from 192.168.1.2 are recorded in the 192.168.1.2.log file, which makes analysis and classification easier. Even after the log information is classified, it is more convenient to manage and analyze logs.
2. Configure the linux client and send its logs to the log server.
3. Configure the windows server to send logs to the log server. You must install a third-party software named eventsys to forward logs to the syslog Log Service Program in linux. Is:
Https://engineering.purdue.edu/E... cuments/UNIX/evtsys
After decompression, two files, evtsys.dlland evtsys.exe, are copied to the c: \ windows \ system32 directory.
Open a Windows Command Prompt (START-> run cmd)
C: \> evtsys? I? H 192.168.0.2
-I indicates that the service is installed as a system service.
-H: Specify the IP address of the log server
Open the windows Group Policy Editor (START-> Run and enter gpedit. msc), go to windows Settings> Security Settings> Local Policies> Audit Policy to open the windows logs you need to record. Evtsys checks whether a new windows Log is generated in real time, converts the new log to a recognizable syslogd format, and sends it to the syslogd server through UDP port 3072.
The difference is that evtsys sends the information to syslogd logs as a daemon device.
Therefore, you need to add the following to/etc/syslog. conf:
After reading this article, I have a rough idea about how to operate it. However, there are still some detailed questions that need to be clarified:
1: The first step is not very clear about how to create a log server. Is the script written in the last four lines the previous program server_login.sh? Then, will this step simply write a script and change the syslog. conf file? I always think it is not that simple.
2: how to configure the Linux client to send its logs to the log server? In addition, many of our servers use the Linux AS4 system. If the installed version of the log server is different from or lower than it (such as Redhat Linux9), can the log be transmitted as well?
3: The third step is to configure the Windows client, that is, the Windows client uses the Eventvwr provided by the system to record system logs. msc component. The logs recorded by this component are divided into three parts: application logs, system logs, and security logs. When sending logs to the log server, will all three parts be sent?
4: many proprietary systems have their own logging tools, such as the billing server and email server. Can these logs be recorded on the log server? What should I do if I can?
5: Is there any software for building a log server based on Windows? Of course, it can receive logs sent from Linux, Solaris, FreeBSD, and other operating systems across systems.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.