Centralized System Logger
You need to install syslog-ng on all of your server machines (ns1, ns2, web, mysql, mail). You will need to send the system logs for each of these to a centralized system logging server that you have set up (logger.yourdomain.com).
logger should have a static IP address next to your server IP addresses. Each system should have its own log file on the new server (i.e. /var/log/ns1/system.log). (DON'T USE THE FANCY TIMESTAMP CODES AS DEPICTED IN THE SLIDES)
Make sure you copy my ssh key to your new logger machine.
In addition to the syslogs above, you should create filters on the logger that will separate out the following log files:
- /var/log/apache2/error.log on your web server should be sent to a different log file on your log server (i.e. /var/log/web/error.log). Hint: perhaps see the program directive on the syslog-ng website; on my server I did something like this:
    host("22.214.171.124") and program("ERRLOG");
  On the client
- /var/log/exim/mainlog from your mail server should be sent to a different file on your log server (i.e. /var/log/mail/mainlog.log)
- You should filter out messages that have the string CRON in them (from ALL machines) and send them to the SAME log file (i.e. /var/log/all_cron.log)
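One way to lay out the routing described above, as an added example rather than the instructor's own configuration. It assumes UDP port 514, placeholder 192.0.2.x addresses, a conf.d file path, a client that tags the Apache error log with the program name ERRLOG (the hint above is cut off at that point), and a hypothetical EXIMMAIN tag for the exim mainlog:

```conf
# ===== On the logger (example file: /etc/syslog-ng/conf.d/central.conf) =====
# 192.0.2.x are placeholder addresses; substitute your own server IPs.
# Record the sender's IP as HOST and ignore any hostname claimed in the message.
options { keep_hostname(no); use_dns(no); create_dirs(yes); };

source s_net { network(ip("0.0.0.0") transport("udp") port(514)); };

# Anchored, single-quoted regexes: an unanchored "192.0.2.11" would also match
# 192.0.2.110. Fixed paths (no $HOST macro) keep spoofed names out of /var/log.
filter f_ns1   { host('^192\.0\.2\.11$'); };
filter f_ns2   { host('^192\.0\.2\.12$'); };
filter f_web   { host('^192\.0\.2\.13$'); };
filter f_mysql { host('^192\.0\.2\.14$'); };
filter f_mail  { host('^192\.0\.2\.15$'); };
filter f_apache_err { filter(f_web)  and program("ERRLOG"); };
filter f_exim_main  { filter(f_mail) and program("EXIMMAIN"); };  # tag is hypothetical
filter f_cron       { program("CRON") or message("CRON"); };

destination d_ns1   { file("/var/log/ns1/system.log"); };
destination d_ns2   { file("/var/log/ns2/system.log"); };
destination d_web   { file("/var/log/web/system.log"); };
destination d_mysql { file("/var/log/mysql/system.log"); };
destination d_mail  { file("/var/log/mail/system.log"); };
destination d_apache_err { file("/var/log/web/error.log"); };
destination d_exim_main  { file("/var/log/mail/mainlog.log"); };
destination d_cron       { file("/var/log/all_cron.log"); };

# Special cases first; flags(final) stops them from also landing in system.log.
log { source(s_net); filter(f_cron);       destination(d_cron);       flags(final); };
log { source(s_net); filter(f_apache_err); destination(d_apache_err); flags(final); };
log { source(s_net); filter(f_exim_main);  destination(d_exim_main);  flags(final); };
log { source(s_net); filter(f_ns1);   destination(d_ns1);   };
log { source(s_net); filter(f_ns2);   destination(d_ns2);   };
log { source(s_net); filter(f_web);   destination(d_web);   };
log { source(s_net); filter(f_mysql); destination(d_mysql); };
log { source(s_net); filter(f_mail);  destination(d_mail);  };

# ===== On the web client: tag the Apache error log and forward it =====
source s_apache_err {
    file("/var/log/apache2/error.log" program_override("ERRLOG") flags(no-parse));
};
destination d_logger { network("logger.yourdomain.com" transport("udp") port(514)); };
log { source(s_apache_err); destination(d_logger); };
```

Running `syslog-ng --syntax-only` on each machine checks the configuration before the service is restarted.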
You should also set up logrotate to rotate these newly created logs if they ever get over 100K in size. Logs should also be compressed and no more than 5 logs' worth should be saved. Don't compress the first backup.
Create a report with the following elements:
- A text file with the following format:
The file must be named
    dns1_ip: ip_address_of_master_dns_system
    dns2_ip: ip_address_of_slave_dns_system
    smtp_ip: ip_address_of_smtp_system
    http_ip: ip_address_of_http_system
    mysql_ip: ip_address_of_mysql_system
    logger_ip: ip_address_of_logger_system
    dns1_syslog: location of dns syslog on logger machine
    dns2_syslog: location of dns syslog on logger machine
    smtp_syslog: location of dns syslog on logger machine
    http_syslog: location of dns syslog on logger machine
    mysql_syslog: location of dns syslog on logger machine
    apache_errorlog: location of apache2 error log on logger machine
    exim_mainlog: location of exim4 mainlog on logger machine
    cron_log: location of cron log on logger machine
For example, my file could look like this:
    dns1_ip: 126.96.36.199
    dns2_ip: 188.8.131.52
    smtp_ip: 184.108.40.206
    http_ip: 220.127.116.11
    mysql_ip: 18.104.22.168
    logger_ip: 22.214.171.124
    dns1_syslog: /var/log/ns1/system.log
    dns2_syslog: /var/log/ns2/system.log
    smtp_syslog: /var/log/smtp/system.log
    http_syslog: /var/log/http/system.log
    mysql_syslog: /var/log/mysql/system.log
    apache_errorlog: /var/log/http/error.log
    exim_mainlog: /var/log/smtp/main.log
    cron_log: /var/log/all_cron.log
- Submit your info file to the logger assignment in the submission system.
Last Updated 01/23/2018