Gene Liverman


Profile

Gene Liverman

Occupation: 
Systems Administrator of *nix and VMware at a university.
Open Source project(s) I'm involved with or passionate about: 
Untangle, Drupal, Moodle, iTALC, LTSP, Ubuntu

I am interested in most things that relate to the desktop and server, though I am particularly fond of virtualization. I love to find ways for Linux to work in educational environments (K-12 and higher ed) both on the front end and the back end. Most everywhere I have worked has used Windows as their desktop OS, so a lot of my tinkering has revolved around making Linux play nice with Windows and Active Directory. I also have a fair amount of experience with Macs. I cut my teeth on Gentoo Linux back in 2004 and used it almost exclusively until 2007, when I discovered Ubuntu. Though Gentoo is great for some things, I fell in love with not having to compile everything and with the great Debian package management system. The open source project I am the most passionate about is Untangle. Their platform is one of the very best ways I have found to prove Linux as a valuable resource to people. It is a shining example of what can be done when you combine the efforts of our wonderful community.


Guestbook

Hello Gene,

great article on "Centralized Logging with a Web Interface".
I have three questions. I am still new to Linux, but I want to centralize all my logs using your article.

I have a server (Ubuntu 10.04 64bit) which has a 500 GB ext3 volume (sdb2) I want to use to store all the log files from servers, firewall, switches etc.

1. Location of log files.
By default the log files are being stored under /var/logs. The sda disk is only 80 GB, which is sufficient for the OS.
Now I assume I have to change the path for the location of the log files in rsyslog.conf.

2. MySQL Server
I already have LAMP running on that server for other server services. Now, with your article, all log files will be saved to the MySQL database. Does that mean that the log files will not be stored in the default location /var/logs? Or will they be stored in the MySQL database AND the /var/logs folder? Because I would then also like to move the MySQL database to the sdb2 volume.

3. different log configs for different systems
Based on your article, you can have different config files. Does it make sense, or is it actually necessary, to have a separate config file for
- firewall
- switch 1 and switch 2
- each server service

With MySQL, the log files of a device can be queried.

Any feedback and links and advice is more than appreciated.

cheers
Gerald

I have configured rsyslog with RELP and LogAnalyzer. Now I am facing a problem in the eventlog field view: some fields are missing, like eventlog type, event user, source event and event ID. Can anyone help in this regard? Here is my rsyslog.conf file:

# /etc/rsyslog.conf Configuration file for rsyslog.
#
# For more information see
# /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html
#
# Default logging rules can be found in /etc/rsyslog.d/50-default.conf

#################
#### MODULES ####
#################

$ModLoad imuxsock # provides support for local system logging
$ModLoad imklog # provides kernel logging support (previously done by rklogd)
#$ModLoad immark # provides --MARK-- message capability

$KLogPath /proc/kmsg

# provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

# provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514

# Note: both listeners accept messages from any host. Restrict them with
# $AllowedSender (e.g. "$AllowedSender UDP, 192.168.0.0/24") or a host
# firewall. No RELP input is loaded in this file; a RELP listener needs
# "$ModLoad imrelp" and "$InputRELPServerRun <port>".

###########################
#### GLOBAL DIRECTIVES ####
###########################

#
# Use traditional timestamp format.
# To enable high precision timestamps, comment out the following line.
#
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# Filter duplicated messages
$RepeatedMsgReduction on

#
# Set the default permissions for all log files.
#
$FileOwner syslog
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022
$PrivDropToUser syslog
$PrivDropToGroup syslog

#
# Include all config files in /etc/rsyslog.d/
#
$IncludeConfig /etc/rsyslog.d/*.conf

# Buffering stuff:
# $WorkDirectory is global, but the three $Action* directives below are
# per-action settings: they apply only to the NEXT action statement that
# follows them and are then reset to their defaults. Placed here, after
# $IncludeConfig and with no action after them, they buffer nothing. Move
# them so they sit directly in front of the ommysql action (in whichever
# /etc/rsyslog.d/*.conf file defines it) to get the disk-assisted queue.
$WorkDirectory /var/rsyslog/work # spool directory; must exist and be writable by the syslog user set above
$ActionQueueType LinkedList # use asynchronous processing
$ActionQueueFileName dbq # set file name, also enables disk-assisted mode
$ActionResumeRetryCount -1 # infinite retries on insert failure

Please note I am not using Event Reporter.

Comment by Gene Liverman
Have you looked at the logs on your source machine to ensure those values are in the logs there?

When I select the "eventlog field" view, the following fields in LogAnalyzer are empty:
Event Type, Event Source, Event ID and Event User. Please guide me on how to resolve this problem.

I have configured an rsyslog server and the Snare agent for Windows systems, but the following fields are missing in LogAnalyzer:
Event Type, Event Source, Event ID and Event User. Please guide me on how to resolve this problem.
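For the two follow-ups above, the first thing to establish is the check Gene suggests: whether the columns that LogAnalyzer shows as empty are present in the messages as the Snare agent sends them, and whether they survive the trip through rsyslog. The script below is an added example for this thread; it is not code from the page, from rsyslog, from LogAnalyzer or from Snare. It splits Snare "MSWinEventLog" messages into columns and reports which of the four LogAnalyzer event columns would be blank. Two things in it are assumptions: the column order, which follows the Snare agent's tab-separated syslog format as this example's author understands it and should be compared against one message captured from your own agent (tcpdump on the collector is enough); and the sample lines, which are constructed, not captured. One caveat the script handles is not an assumption: rsyslog's $EscapeControlCharactersOnReceive directive is on by default and rewrites every tab in a received message as the literal text #011 before the message is written to a file or handed to ommysql, so anything downstream that splits on tabs sees one column instead of many. If the fields are present at the source but empty in the web view, that directive is worth checking first.

```python
"""Check whether Snare-format Windows events carry the columns that
LogAnalyzer's event view shows as empty (Event Type, Event Source,
Event ID, Event User).

Added example for this thread; not code from the page, rsyslog,
LogAnalyzer or Snare. The column order below is an ASSUMPTION about the
Snare agent's tab-separated "MSWinEventLog" format; compare it with a
message captured from your own agent before relying on it.
"""
import re

# Assumed Snare column order, starting at the "MSWinEventLog" marker.
SNARE_COLUMNS = (
    "EventLogType",   # the literal marker "MSWinEventLog"
    "Criticality",
    "SourceLog",      # Security / System / Application
    "SnareCounter",
    "DateTime",
    "EventID",
    "SourceName",     # event source, e.g. Microsoft-Windows-Security-Auditing
    "UserName",
    "SIDType",
    "EventType",      # Success Audit / Failure Audit / Information / ...
    "ComputerName",
    "CategoryString",
    "DataString",
    "ExpandedString",
)

# LogAnalyzer column name -> Snare column that should fill it.
LOGANALYZER_COLUMNS = {
    "Event Type": "EventType",
    "Event Source": "SourceName",
    "Event ID": "EventID",
    "Event User": "UserName",
}

# Optional <PRI> and optional RFC 3164 timestamp in front of the hostname.
SYSLOG_PREFIX = re.compile(
    r"^(?:<\d{1,3}>)?(?:[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d )?"
)
MARKER = "MSWinEventLog"


def parse_snare(line):
    """Return a dict of Snare columns for one message, or None if the
    message is not a Snare Windows event.

    rsyslog's $EscapeControlCharactersOnReceive (on by default) turns every
    tab into the literal text '#011' before the message is stored, so
    '#011' is accepted as a column separator as well as a real tab.
    """
    body = SYSLOG_PREFIX.sub("", line.rstrip("\r\n"), count=1)
    body = body.replace("#011", "\t")
    idx = body.find(MARKER)
    if idx < 0:
        return None
    fields = {"Hostname": body[:idx].strip(" \t")}
    for name, value in zip(SNARE_COLUMNS, body[idx:].split("\t")):
        fields[name] = value.strip()
    for name in SNARE_COLUMNS:          # short messages: keep every key present
        fields.setdefault(name, "")
    return fields


def empty_loganalyzer_columns(fields):
    """LogAnalyzer event columns that would show blank for this event."""
    return [col for col, src in LOGANALYZER_COLUMNS.items() if not fields[src]]


def audit(lines):
    """Summarise a captured batch: how many lines were Snare events and, per
    event, its hostname, event ID and the LogAnalyzer columns left empty."""
    report = {"snare_events": 0, "other_lines": 0, "events": []}
    for line in lines:
        fields = parse_snare(line)
        if fields is None:
            report["other_lines"] += 1
            continue
        report["snare_events"] += 1
        report["events"].append({
            "host": fields["Hostname"],
            "event_id": fields["EventID"],
            "empty": empty_loganalyzer_columns(fields),
        })
    return report


# Constructed sample messages (not captured from any real system).
SAMPLE_LINES = [
    # 1: as sent by the agent, every column populated
    "<13>WINSRV01\tMSWinEventLog\t1\tSecurity\t1042\tFri Mar 11 10:45:31 2011\t"
    "4624\tMicrosoft-Windows-Security-Auditing\tCORP\\jdoe\tUser\tSuccess Audit\t"
    "WINSRV01\tLogon\tAn account was successfully logged on.\t\t",
    # 2: the same event after rsyslog escaped the tabs to '#011' and wrote it
    #    to a file with its own timestamp
    "Mar 11 10:45:31 WINSRV01 MSWinEventLog#0111#011Security#0111042#011"
    "Fri Mar 11 10:45:31 2011#0114624#011Microsoft-Windows-Security-Auditing#011"
    "CORP\\jdoe#011User#011Success Audit#011WINSRV01#011Logon#011"
    "An account was successfully logged on.#011#011",
    # 3: an event whose source, user and type columns arrived empty
    "<13>WINSRV02\tMSWinEventLog\t2\tSecurity\t77\tFri Mar 11 10:46:03 2011\t"
    "4625\t\t\tN/A\t\tWINSRV02\tLogon\tAn account failed to log on.\t\t",
    # 4: an ordinary Linux line, not a Windows event at all
    "<38>Mar 11 10:46:10 ubuntu-lamp sshd[2231]: Accepted publickey for gene "
    "from 10.0.0.5 port 51234 ssh2",
]

if __name__ == "__main__":
    for event in audit(SAMPLE_LINES)["events"]:
        print(event["host"], event["event_id"], "empty:", event["empty"] or "none")
```

Feed it real input with something like "tcpdump -A -s0 port 514" on the collector (the agent's side of the wire) and, separately, the lines rsyslog wrote to the file or database (the web view's side). If the first shows all four columns filled and the second reports them empty, the loss is in the rsyslog pipeline rather than in the agent or in LogAnalyzer.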
