Requirements:
Use syslog on Ubuntu 8.04 Server to record the Juniper ISG1000 logs and keep them for 3 months.
1. Allow syslog to record external logs
Edit /etc/default/syslogd and change SYSLOGD="" to SYSLOGD="-r"
2. Define external log types
Modify the Juniper ISG1000 log settings so that the logs it generates use facility local7, and send the logs to the Ubuntu server.
3. Define log files
Because there will be many log files, create a new firewall directory under /var/log to hold them. Directory mode 755.
Edit /etc/syslog.conf and add the following line:
local7.*    -/var/log/firewall/firewall.log
Test logging works without problems, but a few serious problems showed up, described below.
4. Duplicate record problem
Syslog records the device logs not only in firewall.log but also in /var/log/syslog and /var/log/messages, and because the log volume is very large, this is a problem. The syslog.conf man page describes a ! feature: the syslog and messages definitions in syslog.conf are preceded by !local7.*, and this works well, since syslog no longer writes the device logs to the syslog and messages files.
5. Very large file problem
A log file written by syslog can be no larger than 2.5G; once that is exceeded, recording stops. The ISG1000 takes about 4 hours of logging to reach this size, so log rotation must be set up. In /etc/logrotate.d, create a new log rotation control file named firewall, with mode 644, as follows:
/var/log/firewall/firewall.log {
    start 1000
    rotate 512
    maxage 100
    size 1500M
    compress
    delaycompress
    missingok
    postrotate
        /usr/bin/killall -HUP syslogd
    endscript
}
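
Added example, not part of the original page: a Python model of the rotation settings above, showing how the interval at which logrotate is run interacts with size 1500M, the 2.5G limit and rotate 512. It assumes a constant log rate derived from the page's figures, binary units, and that logrotate only acts when it is invoked (for example from cron); simulate and rotate_needed are illustrative names.

```python
import math

# Values taken from the page; reading them as binary MB is an assumption.
CAP_MB = 2560        # syslogd stops writing at about 2.5G
FILL_MIN = 4 * 60    # the ISG1000 fills that in about 4 hours
SIZE_MB = 1500       # "size 1500M"
ROTATE = 512         # "rotate 512"
MAXAGE_DAYS = 100    # "maxage 100"


def simulate(interval_min, days=30):
    """Model logrotate invoked every interval_min minutes at a constant log rate.

    File size is tracked as minutes of traffic held in firewall.log, so the
    arithmetic stays exact. Returns (rotations per day, fraction of records
    lost at the cap, days of history kept).
    """
    held = rotations = lost = 0
    total = days * 24 * 60
    for minute in range(1, total + 1):
        if held >= FILL_MIN:
            lost += 1                  # file sits at the cap: this minute is dropped
        else:
            held += 1
        # logrotate only compares against "size" when it is actually run
        if minute % interval_min == 0 and held * CAP_MB > SIZE_MB * FILL_MIN:
            rotations += 1
            held = 0
    per_day = rotations / days
    kept = min(MAXAGE_DAYS, ROTATE / per_day) if per_day else 0.0
    return per_day, lost / total, kept


def rotate_needed(per_day, target_days=90):
    """Smallest "rotate" count that keeps target_days of rotated files."""
    return math.ceil(per_day * target_days)


if __name__ == "__main__":
    for label, interval in (("daily", 1440), ("hourly", 60), ("every 5 min", 5)):
        per_day, lost, kept = simulate(interval)
        print(f"{label:12} {per_day:5.1f} rotations/day  "
              f"{lost:6.1%} lost  {kept:5.1f} days kept  "
              f"rotate >= {rotate_needed(per_day)} for 90 days")
```

Under these assumptions a once-a-day run leaves the file at the 2.5G limit for most of each day, and an hourly run rotates 8 times a day, so rotate 512 holds about 64 days of files rather than 3 months.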