[plug] network log reporting

Adrian Woodley Adrian at Diskworld.com.au
Fri Jun 24 08:27:32 WST 2011


Try running the following on one of your log generating boxes;

tcpdump -n -i eth0 port 514

If all is fine with the box, it should show traffic leaving for the log 
server.

If not, then your syslog config is probably incorrect. Can you show us 
the changes you've made to the config to try to get this to work?

Adrian

On 06/24/2011 06:37 AM, wolfbite wrote:
> nup! still missing something
>
> everything seems to point to the central server working and able to 
> receive a command on the port
>
> looks like it's probably the client sending box not sending (but it can 
> send a non-syslog test to the server from the box)
>
> did a build of rsyslog 5.8.2
> still seems the same, so I guess it must be an issue with the client sending
>
> any ideas appreciated
>
> thanks
>
> On 22/06/11 18:21, Adrian Woodley wrote:
>> Most syslog packages, including rsyslog which is the default on 
>> Ubuntu, will do logging via TCP/UDP.
>>
>> On your receiving box, edit /etc/rsyslog.conf and uncomment:
>>
>> $ModLoad imudp
>> $UDPServerRun 514
>>
>> $ModLoad imtcp
>> $InputTCPServerRun 514
>>
>> On your log generating boxes, create /etc/rsyslog.d/10-remote:
>> *.* @@<ip.of.log.server>:514;SyslFormat
>>
>> From there you could use something like Splunk 
>> (http://www.splunk.com/) to interrogate and display your logs. (I 
>> believe there's a free version, with a volume limit on the amount of 
>> logs to be processed a day). Patrick Coleman knows heaps about Splunk 
>> and will probably jump on here shortly to evangelise it.
>>
>> I've also come across Adiscon Log Analyzer 
>> (http://loganalyzer.adiscon.com/), while looking on the rsyslog.com 
>> page. I haven't used it, but the demo page looks interesting. It also 
>> has a free download.
>>
>> If you give either of these products a go, let us know how you get on 
>> and what you think.
>>
>> Cheers,
>>
>> Adrian
>>
>> On 06/22/2011 05:20 PM, wolfbite wrote:
>>> be gentle with me and dont make my head hurt too much :)
>>>
>>> I have multiple computers connected to my network
>>> I've set up an OLD computer and screen to be an information computer 
>>> (computer & screen perm on)
>>>
>>> I currently have it running with
>>> ubuntu maverick
>>> xorg openbox
>>> conky clock
>>> conky weather
>>> conky googlecalendar (love conky :)
>>>
>>> looking at displaying syslog & such from multiple computers (local 
>>> already ok)
>>>
>>> what I want is a SIMPLE :) system where I can send syslogs or other 
>>> data from any computer to the monitor computer.
>>> I don't want the info going external (i.e. out via the ISP then back, 
>>> security & spam reasons)
>>> but I would like to keep it simple without maintaining a full blown 
>>> mail server etc.
>>>
>>> seems like there are LOTS of ways but they seem quite convoluted
>>> looked at offlineimap, postfix, exim, etc and my brain is glazing over
>>>
>>> any pointing into the right direction appreciated
>>>
>>> Thanks
>>> _______________________________________________
>>> PLUG discussion list: plug at plug.org.au
>>> http://lists.plug.org.au/mailman/listinfo/plug
>>> Committee e-mail: committee at plug.linux.org.au
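Putting the two halves of this thread together (the forwarding rule from the first reply and the "is the client actually sending?" question from the last one), the script below is an example added to this archive page; it was not posted to the list and is not rsyslog code. It parses a client-side rsyslog forwarding rule (a single @ is UDP, @@ is TCP, the port defaults to 514, and the name after ; must be a template rsyslog knows, either a built-in such as RSYSLOG_ForwardFormat or one declared with $template), builds an RFC 3164 syslog line, and pushes it over UDP and over TCP to a throwaway listener on 127.0.0.1. The hostname, tag, message text and the rule itself are constructed for the example. Two checks worth doing before reaching for tcpdump: the stock Ubuntu rsyslog.conf includes only /etc/rsyslog.d/*.conf, so a drop-in named 10-remote with no .conf suffix is never read, and `rsyslogd -N1` will report template and syntax errors in the config without restarting the daemon.

```python
"""Loopback check for rsyslog-style forwarding: parse the client rule, build an
RFC 3164 line, send it over UDP and TCP to a local listener, parse what arrives.
Added example for this thread, not rsyslog's code; all names are made up."""
import datetime
import re
import socket

# RFC 3164 facility and severity codes; PRI = facility * 8 + severity
FACILITIES = {"kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4,
              "syslog": 5, "lpr": 6, "news": 7, "uucp": 8, "cron": 9,
              "authpriv": 10, "ftp": 11, "local0": 16, "local1": 17,
              "local2": 18, "local3": 19, "local4": 20, "local5": 21,
              "local6": 22, "local7": 23}
SEVERITIES = {"emerg": 0, "alert": 1, "crit": 2, "err": 3, "warning": 4,
              "notice": 5, "info": 6, "debug": 7}
_FAC_BY_CODE = {v: k for k, v in FACILITIES.items()}
_SEV_BY_CODE = {v: k for k, v in SEVERITIES.items()}

# rsyslog legacy forwarding rule: "<selector> @[@]host[:port][;template]"
# (the optional "(o...)" option block and [ipv6] targets are not handled)
_FWD_RE = re.compile(r"^(\S+)\s+(@@?)([^:;\s]+)(?::(\d+))?(?:;(\S+))?$")
# RFC 3164 line: "<PRI>Mmm dd hh:mm:ss host tag: message"
_MSG_RE = re.compile(
    r"^<(\d{1,3})>([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (\S+) ([^:\s]+): (.*)$",
    re.S)


def parse_forwarding_line(line):
    """Explain a client-side rule: one '@' is UDP, '@@' is TCP, port defaults to 514."""
    m = _FWD_RE.match(line.strip())
    if not m:
        raise ValueError("not a legacy forwarding rule: %r" % line)
    selector, at, host, port, template = m.groups()
    return {"selector": selector,
            "transport": "tcp" if at == "@@" else "udp",
            "host": host,
            "port": int(port) if port else 514,
            "template": template}


def build_message(facility, severity, hostname, tag, text, when=None):
    """Format one RFC 3164 line; the day of month is space padded ("Jun  4")."""
    pri = FACILITIES[facility] * 8 + SEVERITIES[severity]
    when = when or datetime.datetime.now()
    ts = "%s %2d %s" % (when.strftime("%b"), when.day, when.strftime("%H:%M:%S"))
    return "<%d>%s %s %s: %s" % (pri, ts, hostname, tag, text)


def parse_message(raw):
    """Split an RFC 3164 line back into its fields; unknown facilities stay numeric."""
    m = _MSG_RE.match(raw)
    if not m:
        raise ValueError("not an RFC 3164 message: %r" % raw)
    pri, ts, host, tag, text = m.groups()
    pri = int(pri)
    return {"facility": _FAC_BY_CODE.get(pri // 8, pri // 8),
            "severity": _SEV_BY_CODE[pri % 8],
            "timestamp": ts, "host": host, "tag": tag, "msg": text}


def send_udp(host, port, message):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(message.encode(), (host, port))


def send_tcp(host, port, message):
    # rsyslog's default TCP framing is one record per line, LF terminated
    with socket.create_connection((host, port), timeout=2) as s:
        s.sendall(message.encode() + b"\n")


def loopback_roundtrip(transport, message):
    """Sender-side self test: if this passes but tcpdump shows nothing leaving
    eth0, the fault is in the forwarding rule, the drop-in file name or a firewall."""
    if transport == "udp":
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as srv:
            srv.bind(("127.0.0.1", 0))
            srv.settimeout(2)
            send_udp("127.0.0.1", srv.getsockname()[1], message)
            data, _ = srv.recvfrom(65535)
        return parse_message(data.decode())
    if transport == "tcp":
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
            srv.bind(("127.0.0.1", 0))
            srv.listen(1)
            srv.settimeout(2)
            # connect() completes against the listen backlog, so no thread is needed
            send_tcp("127.0.0.1", srv.getsockname()[1], message)
            conn, _ = srv.accept()
            with conn:
                conn.settimeout(2)
                data = b""
                while not data.endswith(b"\n"):
                    chunk = conn.recv(4096)
                    if not chunk:
                        break
                    data += chunk
        return parse_message(data.decode().rstrip("\n"))
    raise ValueError("transport must be 'udp' or 'tcp'")


# constructed sample: a fixed timestamp and an sshd line from a made-up client box
SAMPLE_WHEN = datetime.datetime(2011, 6, 24, 8, 27, 32)
SAMPLE_MESSAGE = build_message("auth", "info", "wolfbox", "sshd[1234]",
                               "Accepted publickey for adrian from 192.168.1.20 port 50212 ssh2",
                               SAMPLE_WHEN)

if __name__ == "__main__":
    print(parse_forwarding_line("*.* @@192.168.1.10:514;RSYSLOG_ForwardFormat"))
    for transport in ("udp", "tcp"):
        print(transport, loopback_roundtrip(transport, SAMPLE_MESSAGE))
```

Keeping port 514 inside the LAN, as the original poster wanted, is the right instinct, and it is worth going one step further: plain @ and @@ forwarding carries no authentication and no encryption, so any host on the segment can inject lines into the monitor's log or read everything passing by. On a home network a firewall rule on the receiver that accepts 514/udp and 514/tcp only from the local subnet closes the first gap; rsyslog's TLS support for the TCP transport closes the second if it is ever needed.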
