Event log monitoring

Harper Mann hmann at itgroundwork.com
Wed Oct 13 21:42:09 UTC 2004


Syslog can do this.  You need the "-r" switch to allow the central syslog
server to receive forwarded log entries from "clients".  Try "man syslogd".
You can set the -r option in /etc/sysconfig/syslog by adding it to the
SYSLOGD_OPTIONS string.  Run "service syslog restart" after....

On the client servers you want to forward, just add "*.*	@server" to
/etc/syslog.conf.  This will forward all syslog entries to "server".  You
need to restart syslog after changing the .conf file.  "man syslog.conf"
will give you more options for finer control of what's forwarded.

For log file analysis, there is a project called "syslog-ng" which works
well.  You can find this at http://www.balabit.com/products/syslog_ng/

Lastly, if you want to forward Windows event logs, you can use a service
called Snare.  http://www.intersectalliance.com/snareserver/index.html

Hope this helps,

- Harper

Harper Mann
Groundwork Open Source Solutions
510-599-2075 (cell)


-----Original Message-----
From: redhat-list-bounces at redhat.com [mailto:redhat-list-bounces at redhat.com]
On Behalf Of Nathaniel Hall
Sent: Wednesday, October 13, 2004 2:12 PM
To: Stephane Auger; General Red Hat Linux discussion list
Subject: Re: Event log monitoring

What type of systems are you wanting to monitor event logs on?
The answer depends on the type of system.

Nathaniel Hall
Intrusion Detection and Firewall Technician
Ozarks Technical Community College -- Office of Computer Networking

halln at otc.edu
417-799-0552



Stephane Auger wrote:

>Hey everyone,
>
>  I'm looking for a practical way to monitor event logs on multiple
>servers.  There are multiple subnets at multiple sites, and I have one
>main LAN to monitor everything.  Is there some kind of software/batch
>file that could be installed on the servers so that the events are sent
>on my monitoring LAN (a little bit like SNMP sending to a listening
>server)?  Thanks!!
>
>Stephane Auger, MCP
>  
>
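
The setup described in the first reply of this thread, checked with a small shell audit; this is an added example, not part of any poster's message. The file contents, the second forwarding rule and the host name loghost.example.com are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example; every file written below is a constructed sample.

# Print "selector<TAB>host" for each rule in a syslog.conf-style file
# whose action field is "@host", i.e. entries that leave the machine.
list_forwards() {
    awk '
        /^[ \t]*#/ || NF < 2 { next }   # comments, blank and one-field lines
        $NF ~ /^@/ { sub(/^@/, "", $NF); print $1 "\t" $NF }
    ' "$1"
}

# Succeed if SYSLOGD_OPTIONS in a sysconfig-style file carries "-r" as its
# own word, i.e. this syslogd accepts forwarded entries from the network.
# Assumption: options are written separately ("-m 0 -r"), not clustered.
accepts_remote() {
    opts=$(sed -n 's/^SYSLOGD_OPTIONS=//p' "$1" | tr -d "\"'")
    for o in $opts; do
        [ "$o" = "-r" ] && return 0
    done
    return 1
}

# Constructed stand-ins for /etc/sysconfig/syslog and /etc/syslog.conf.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf 'SYSLOGD_OPTIONS="-m 0 -r"\n' > "$tmp/server.sysconfig"
printf 'SYSLOGD_OPTIONS="-m 0"\n'    > "$tmp/client.sysconfig"
{
    printf '# local logging\n'
    printf '*.info;mail.none\t/var/log/messages\n'
    printf '# forward to the central host\n'
    printf '*.*\t@server\n'
    printf 'authpriv.*\t@loghost.example.com\n'
} > "$tmp/client.conf"

list_forwards "$tmp/client.conf"
accepts_remote "$tmp/server.sysconfig" && echo "server: accepts forwarded entries"
accepts_remote "$tmp/client.sysconfig" || echo "client: local logging only"
```

A host where accepts_remote succeeds is listening for syslog over UDP with no sender authentication, so limit which addresses can reach it.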

