Syslog replay script for centralized syslog host

Post by leroy isa » Sat, 30 Oct 2004 04:24:49



I have a need to retrieve syslog data from various remote nodes, and
the smallest network link to the remote nodes is 19K. The syslog
traffic for the link cannot exceed 9K.

I plan to set up a configuration which generates new log files every 10
minutes. These files are then compressed, zipped, and transferred to a
centralized loghost.

The files are then unzipped, uncompressed, and the data is inserted
into the syslog data stream on a central syslog host.

Is there a script or utility which will accomplish this task? If not,
then does anyone have any suggestions on products which may
accomplish this same task?

LeRoy Isaac


Post by Juhan Leeme » Sun, 31 Oct 2004 13:30:30



> I have a need to retrieve syslog data from various remote nodes, and
> the smallest network link to the remote nodes is 19K. The syslog
> traffic for the link cannot exceed 9K.

> I plan to set up a configuration which generates new log files every 10
> minutes. These files are then compressed, zipped, and transferred to a
> centralized loghost.

Are you generating a lot of log data? Are the nodes always connected?
Or only occasional dialup? Why not customize your syslog configuration to
forward only significant events to a centralized loghost in real time?

Why the (artificial?) limit on network traffic? Why not just let the link
(ppp?) be shared between all users, and let network software sort it out?
If nothing else is using the link, why not use all bandwidth?

> The files are then unzipped, uncompressed, and the data is inserted
> into the syslog data stream on a central syslog host.

> Is there a script or utility which will accomplish this task? If not,
> then does anyone have any suggestions on products which may
> accomplish this same task?

I'm inclined to agree with Michael. Sounds somewhat artificial.
I would suggest reading up on syslog and maybe (open source) syslog-ng.
Maybe what you really want is a network management system?

--
Juhan Leemet
Logicognosis, Inc.
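
The replay step asked about in the first post (unpack a transferred batch and feed its lines back into the loghost's syslog stream), as an added example that is not from either poster. It assumes gzip-compressed files in the traditional syslogd line format, a loghost syslogd accepting UDP on 127.0.0.1:514, and a fixed priority of local0.info because log files do not record the original one; the function names are hypothetical.

```python
import gzip, io, re, socket

# Traditional syslogd file line: "Mmm dd hh:mm:ss host tag: message"
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>[A-Za-z0-9._-]{1,255}) (?P<msg>.+)$")
MAX_LEN = 1024  # RFC 3164 packet size limit

def to_datagram(line, facility=16, severity=6):
    """Return an RFC 3164 packet for one log-file line, or None if malformed.

    Log files do not record the priority, so facility/severity are assigned
    here (default local0.info, an assumption of this example)."""
    m = LINE_RE.match(line.rstrip("\r\n"))
    if m is None:
        return None
    # Replace control characters so a crafted line cannot smuggle escapes.
    msg = re.sub(r"[\x00-\x1f\x7f]", " ", m["msg"])
    pri = facility * 8 + severity
    pkt = f"<{pri}>{m['ts']} {m['host']} {msg}".encode("utf-8", "replace")
    return pkt[:MAX_LEN]

def replay(gz_bytes, send):
    """Decompress one transferred batch and pass each packet to send().
    Returns (sent, skipped) so dropped lines can be audited."""
    sent = skipped = 0
    with gzip.open(io.BytesIO(gz_bytes), "rt", encoding="utf-8", errors="replace") as fh:
        for line in fh:
            pkt = to_datagram(line)
            if pkt is None:
                skipped += 1
                continue
            send(pkt)
            sent += 1
    return sent, skipped

# Constructed sample batch standing in for one 10-minute file from a remote node.
SAMPLE = gzip.compress(
    b"Oct 29 04:20:01 node7 sshd[412]: Failed password for root from 192.0.2.9\n"
    b"garbage line without a header\n"
    b"Oct 29 04:24:49 node7 su: bad su\x1b[2J to root\n")

if __name__ == "__main__":
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    # Assumed target: a loghost syslogd listening on UDP 514 on this machine.
    print(replay(SAMPLE, lambda p: sock.sendto(p, ("127.0.0.1", 514))))
```

Whether the original timestamp and hostname survive on the loghost depends on how the receiving daemon is configured. The host field is taken from the file as-is, so the batch transfer itself needs to be authenticated before its contents are trusted.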

1. Tuning syslog/Syslog reporting/Syslog enhancement/replacements

Hello,

I have been investigating using syslog's logging facilities. I have
currently set up our network to log to a central logging host. In my
preliminary attempts, I have set up syslog to dump everything to a single
file, which gets messy. I've sorted out the files now, and I have noticed
that certain applications such as telnetd and ftpd write to the LOG_MAIL
facility. Is there a way to alter the logging facility that they report to,
or will I have to have modified binaries to handle this? I'm mostly
concerned with our AIX machines but we also have HPUX, SunOS/Solaris, and
OSF. I could very well have it dump all information and sort out the data
based on rules I develop using sed/awk/perl/grep (whatever), but it would
be nicer if it were done by syslog/programs writing to syslog.

Also, is anyone familiar with any other logging utilities? I would be
grateful for some help/advice or some pointers to where to find this
information.

Thanks for your help.

Adam