[Dshield] Syslog Server Software

Frank Knobbe frank at knobbe.us
Fri Mar 24 01:09:46 GMT 2006


On Thu, 2006-03-23 at 09:15 -0500, Timothy A. Holmes wrote:
> I installed syslog-NG on a dedicated Gentoo box and routed all my syslog
> traffic to it, Splunk is ingesting the data and presenting it to me in a
> useable format, today's projects include setting up syslog-ng on my
> Fedora stations and figuring out logrotate -- the idea of log-watch
> sounds good as well, I may very well look at that also

You don't need logrotate with syslog-ng. It can automatically create
files based on date. For example:

  destination messages { file("/var/log/$HOST/$YEAR-$MONTH-$DAY-messages"); };

will create "-messages" files with the date prefixed in a subdirectory
for each server (i.e. /var/log/myserver/2006-03-23-messages). Feel free
to check and configure your various file-based destinations as you see
fit.

Regards,
Frank

-- 
It is said that the Internet is a public utility. As such, it is best
compared to a sewer. A big, fat pipe with a bunch of crap sloshing
against your ports.
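
Added example, not part of the original message: a constructed minimal syslog-ng.conf built around the date-based destination above, for a central log host. The source name s_net, the UDP port 514 listener, the permission values, and the switch to the R_ (receive-time) macros are assumptions chosen for illustration.

```conf
# Constructed example configuration; adjust names and values to your site.

options {
    # Create /var/log/<host>/ automatically the first time a host logs.
    create_dirs(yes);

    # Keep per-host directories and files unreadable to ordinary users.
    dir_perm(0750);
    perm(0640);

    # Fill $HOST from the sender's address (or its resolved name) instead
    # of trusting the hostname field inside the message, so a sender
    # cannot pick the directory its messages are written to.
    keep_hostname(no);
};

# Network listener for the hosts that forward their syslog traffic here.
source s_net {
    udp(ip(0.0.0.0) port(514));
};

# One file per host per day. The R_ prefix uses the time the message was
# received on this server, so a client with a wrong clock does not spread
# its messages across the wrong dates.
destination messages {
    file("/var/log/$HOST/$R_YEAR-$R_MONTH-$R_DAY-messages");
};

log {
    source(s_net);
    destination(messages);
};
```

Date-based file names replace rotation only; old files still accumulate until something compresses or deletes them.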
