[Freeipa-users] Setting up IPA to log remotely

Brendan Kearney bpk678 at gmail.com
Tue Jun 3 02:26:09 UTC 2014


On Tue, 2014-06-03 at 00:42 +0000, Steven Jones wrote:
> Hi,
> 
> I'll raise a request for this to be added then.
> 
> It's a bit of an enterprise requirement feature that is of use for us.
> 
> Not having much luck with rsyslog and application logs at the moment, good and accurate docs seem lacking for RHEL6.
> 
> regards
> 
> Steven 
> ________________________________________
> From: Rob Crittenden <rcritten at redhat.com>
> Sent: Tuesday, 3 June 2014 9:27 a.m.
> To: Steven Jones
> Cc: freeipa-users at redhat.com
> Subject: Re: [Freeipa-users] Setting up IPA to log remotely
> 
> Steven Jones wrote:
> > Is there a way to get IPA to send its logs remotely?
> 
> We intend to do something like this with audit, most likely using the
> systemd journal, but it's a ways off.
> 
> For now you'd need to do it manually on a per-service basis. I'd suggest
> looking at rsyslogd. You should be able to at least get the Apache and
> 389-ds logs using that.
> 
> rob
> 
> 
> 

check out http://www.rsyslog.com/doc/master/index.html for good and
accurate docs.  i am using fedora 16 and 20 with RELP, forwarding syslog
from everywhere to a central location, and then dumping the logs into
mysql.  phplogcon bolts on top of it for a web view of all the logs.

on a sending source:
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$SystemLogRateLimitInterval 0
$IMUXSockRateLimitInterval 0

$ModLoad imklog   # provides kernel logging support (previously done by rklogd)
#$ModLoad immark  # provides --MARK-- message capability

# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514

# Provides RELP transmission 
$ModLoad omrelp
*.* :omrelp:192.168.25.1:20514;RSYSLOG_ForwardFormat
&~

on a receiving destination:
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$SystemLogRateLimitInterval 0
$IMUXSockRateLimitInterval 0

$ModLoad imklog   # provides kernel logging support (previously done by rklogd)
#$ModLoad immark  # provides --MARK-- message capability

# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514

# Provides RELP reception
$ModLoad imrelp
$InputRELPServerRun 20514

# Provides MySQL connectivity
$ModLoad ommysql
# MASSIVE INSERT RATE FOR DB / SCALED DB LOGGING
$WorkDirectory /var/spool/rsyslog # default location for work (spool) files
$ActionQueueType LinkedList # use asynchronous processing
$ActionQueueFileName dbq    # set file name, also enables disk mode
$ActionResumeRetryCount -1  # infinite retries on insert failure
# for PostgreSQL replace :ommysql: by :ompgsql: below:
*.*     :ommysql:server.domain.tld,Syslog,user,password
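
Added example, not part of the original message or of the FreeIPA project: one way to pick up the Apache and 389-ds log files mentioned earlier in the thread with rsyslog's imfile module, written in the same legacy directive syntax as the configuration above. The 389-ds instance name EXAMPLE-COM, the tags, the state-file names and the local6 facility are assumptions; the block is meant to be added to the sending source, whose existing `*.*` omrelp rule then forwards these messages.

```conf
# Added example (assumptions: default RHEL log paths, placeholder 389-ds
# instance name EXAMPLE-COM, tags/state files/facility chosen here).
$ModLoad imfile

# imfile keeps its per-file read position (state files) in the work directory
$WorkDirectory /var/spool/rsyslog

# Apache error log
$InputFileName /var/log/httpd/error_log
$InputFileTag httpd-error:
$InputFileStateFile stat-httpd-error
$InputFileSeverity error
$InputFileFacility local6
$InputRunFileMonitor

# Apache access log
$InputFileName /var/log/httpd/access_log
$InputFileTag httpd-access:
$InputFileStateFile stat-httpd-access
$InputFileSeverity info
$InputFileFacility local6
$InputRunFileMonitor

# 389-ds access log (binds, searches, modifications)
$InputFileName /var/log/dirsrv/slapd-EXAMPLE-COM/access
$InputFileTag dirsrv-access:
$InputFileStateFile stat-dirsrv-access
$InputFileSeverity info
$InputFileFacility local6
$InputRunFileMonitor

# 389-ds errors log
$InputFileName /var/log/dirsrv/slapd-EXAMPLE-COM/errors
$InputFileTag dirsrv-errors:
$InputFileStateFile stat-dirsrv-errors
$InputFileSeverity error
$InputFileFacility local6
$InputRunFileMonitor

# How often (in seconds) the monitored files are checked for new lines
$InputFilePollInterval 10
```

Each monitored file needs its own state file name, and every `$InputFileName` group must end with `$InputRunFileMonitor` or that file is not watched.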




