Use syslog in ubuntu to record external device logs

Source: Internet
Author: User
Article Title: Use syslog in ubuntu to record external device logs. Linux is a technology channel of the IT lab in China. Includes basic categories such as desktop applications, Linux system management, kernel research, embedded systems, and open source.

Requirements:
The juniper isg1000 log is recorded using the syslog of ubuntu 8.04 server, and is retained for three months.

1. syslog is allowed to record external logs.
Modify/etc/default/syslogd and change SYSLOGD = "" To SYSLOGD = "-r"

2. Define External Log types
Modify the juniper isg1000 log definition, define the generated log as local7, and send the log to the ubuntu server.

3. Define log files
Considering the large number of log files, you can create a new firewall directory under/var/log to save log files. Directory property 755.
Modify/etc/syslog. conf and add the following line to it:
Local7 .*
-/Var/log/firewall. log

The test records fail, but the following serious problems are found.

4. duplicate records
Syslog is not only recorded in firewall. log, but also in/var/log syslog and messages records. This is troublesome because of the large log size. Look at the man of syslog. conf. There is another one! Function. added the syslog and messages definitions in the syslog. conf file! Local7. *. It feels good that syslog no longer records device logs from the syslog and messages files.

5. File size issues
The maximum size of the syslog log file cannot exceed 2.5 GB. If the maximum size is exceeded, the log file will be stopped. The number of isg1000 logs reaches this level in about four hours. Log rotation must be set. Create a firewall log rotation control file in/etc/logrotate. d. The property is 644, as shown in the following figure in firewall:

/Var/log/firewall. log {
Start 1, 1000
Rotate 512
In maxage 100
Size 1500 M
Compress
Delaycompress
Missingok

Postrotate
/Usr/bin/killall-HUP syslogd
Endscript
}

The above content is briefly explained:
Because log files need to be saved for three months and an average of five log files are generated every day, you can set a maximum of 512 log files to be retained for 100 days.
The file suffix number starts from 1000, which is better than sorting from 1.
Rotate when the file size exceeds MB.
To reduce storage space usage, log files after rotation need to be compressed, but are not compressed immediately after rotation, but compressed at the next rotation to Prevent syslog data loss when writing data to the current file.

After the above settings, I think we can, who knows how to use it for a few days, and find that there are still problems.

6. Solve the file size problem again
The firewall. log file is still more than 2 GB, but it is rotated when it reaches MB according to the settings. Why? Take a closer look at man logrotate. It turns out that logrotate runs once a day. When it runs, firewall. log has already reached 2 GB. What should I do? Let it run once an hour and copy the/etc/cron. daily/logtotate file to/etc/cron. hourly. It seems that the problem has been solved.

7. Solve the problem that log files are rotated less than MB and log file names are not generated according to the defined rules.
After several days of operation, I found a small problem. Several files do not rotate after MB is set, and the file names are not generated as defined, but in the original firewall. log.0 mode. However, they all share the same characteristics, which are generated at a.m. Let me think about it. It must be a ghost of the sysklogd script in cron. Enter the cron sub-directories in/etc, and set the following sentence or similar
Logs = $ (syslogd-listfiles)
Add the-s firewall. log parameter and change it
Logs = $ (syslogd-listfiles-s firewall. log)
So that the log Service no longer processes firewall. log logs.

8. solve other problems
No.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.