
How to centralized logging on Solaris 10 servers (Beginner Question)


underh20

Oct 26, 2009, 7:58:54 PM
Dear Sir/Madam,

We have six Solaris 10 servers in different locations. Each server
collects and hosts all its user access/system activities/hardware-os
logs.
I need to send all these logs on a very regular basis to
centralized locations, which are another Unix server, a Windows server
and a designated recipient's email account.
Is there freeware or commercial product out there for it? I need
to find a centralized logging tool that's not expensive and very
straight-forward to setup.


Thanks for your advice,

Bill

webjuan

Oct 26, 2009, 8:44:22 PM

webjuan

Oct 26, 2009, 9:09:39 PM

Typo: stslog-ng = syslog-ng

hume.sp...@bofh.ca

Oct 27, 2009, 8:55:30 AM
In comp.unix.solaris underh20 <underh20.s...@gmail.com> wrote:
> Is there freeware or commercial product out there for it? I need
> to find a centralized logging tool that's not expensive and very
> straight-forward to setup.

Do you need something more complex than simply configuring syslog on your
machines to log to the central Unix machine?

--
Brandon Hume - hume -> BOFH.Ca, http://WWW.BOFH.Ca/

Doug Freyburger

Oct 27, 2009, 1:27:53 PM
underh20 wrote:
>
> We have six Solaris 10 servers in different locations. Each server
> collects and hosts all its user access/system activities/hardware-os
> logs.
> I need to send all these logs on a very regular basis to
> centralized locations, which are another Unix server,

See /etc/syslog.conf on the sending hosts for how to set them up when
the name loghost appears in DNS or /etc/hosts.

See /etc/default/syslogd on the receiving host for how to set it up to
receive the transmitted log messages.

> a Windows server and a designated recipient's email account.

On the receiving host you'll want to ply games with /etc/syslog.conf to
put piped commands in there. Not something I want to do.

For my monitoring I run a script that does a delta on the contents of
/var/adm/messages to find new lines, filters for priority, pages when
interesting lines appear. To handle when logrotate cycles the file I
detect when the size decreases and I filter out the restart line.

> Is there freeware or commercial product out there for it? I need
> to find a centralized logging tool that's not expensive and very
> straight-forward to setup.

Others have mentioned syslog-ng. Probably overkill in your case but
it's always a good idea to look into the common standard tool for the
job and also the common freeware next-gen tool for it as well.
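
The polling approach described in the post above (a delta on /var/adm/messages, a priority filter, rotation detected by a size decrease), as an added example that is not the poster's script. The function names, the state file, the `err` threshold and the sample log lines are assumptions constructed for illustration, and the restart-line filter the post mentions is not reproduced.

```python
import re
import tempfile
from pathlib import Path

# Solaris syslogd tags each line "[ID <msgid> <facility>.<level>]".
TAG = re.compile(r"\[ID \d+ \w+\.(\w+)\]")
# Lower number = more severe; both spellings of err/warning are accepted.
SEVERITY = {"emerg": 0, "alert": 1, "crit": 2, "err": 3, "error": 3,
            "warning": 4, "warn": 4, "notice": 5, "info": 6, "debug": 7}

def new_interesting_lines(log_path, state_path, threshold="err"):
    """Return lines added since the last run at or above `threshold`."""
    try:
        with open(state_path) as fh:
            offset = int(fh.read())
    except (OSError, ValueError):
        offset = 0                       # first run, or unreadable state
    if Path(log_path).stat().st_size < offset:
        offset = 0                       # file shrank: rotated, start over
    with open(log_path, "rb") as fh:
        fh.seek(offset)
        chunk = fh.read()
    end = chunk.rfind(b"\n") + 1         # leave a half-written last line
    with open(state_path, "w") as fh:
        fh.write(str(offset + end))
    hits = []
    for line in chunk[:end].decode("utf-8", "replace").splitlines():
        m = TAG.search(line)
        if m and SEVERITY.get(m.group(1), 7) <= SEVERITY[threshold]:
            hits.append(line)
    return hits

# Constructed sample lines in the /var/adm/messages layout (not real logs).
OLD = ("Oct 27 13:01:02 sol1 sshd[411]: [ID 800047 auth.info] Accepted login\n"
       "Oct 27 13:05:09 sol1 scsi: [ID 107833 kern.warning] WARNING: retry\n")
ERR = "Oct 27 13:09:30 sol1 su: [ID 810491 auth.crit] 'su root' failed\n"
NEW = "Oct 28 03:10:00 sol1 ufs: [ID 845546 kern.error] /var: file system full\n"

def demo():
    """Run three polls: baseline, growth, then a rotation."""
    d = Path(tempfile.mkdtemp())
    log, state = d / "messages", d / "offset"
    log.write_text(OLD)
    first = new_interesting_lines(log, state)        # nothing >= err
    log.write_text(OLD + ERR + "Oct 27 13:10")       # grown, partial last line
    second = new_interesting_lines(log, state)
    log.write_text(NEW)                              # rotated: smaller file
    third = new_interesting_lines(log, state)
    return first, second, third
```

A size check alone misses a rotation when the new file has already grown past the saved offset by the next poll, so the poll interval should be short relative to the rotation schedule.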

John Gordon

Oct 27, 2009, 2:02:12 PM

> Dear Sir/Madam,

> We have six Solaris 10 servers in different locations. Each server
> collects and hosts all its user access/system activities/hardware-os
> logs.
> I need to send all these logs on a very regular basis to
> centralized locations, which are another Unix server, a Windows server
> and a designated recipient's email account.

By "send all these logs", do you just mean copy the files to the other
locations?

Once sent, what do you want to happen to the local logs? Should they
be archived and a new logfile started, or will each submission contain
duplicate data from the last time plus some new data?

Do you want the central hosts to perform any sort of collation or
aggregation of the logs, or will they exist simply as lots of files in a
directory somewhere?

--
John Gordon A is for Amy, who fell down the stairs
gor...@panix.com B is for Basil, assaulted by bears
-- Edward Gorey, "The Gashlycrumb Tinies"

webjuan

Oct 27, 2009, 11:13:50 PM

Check out this presentation by Blog O’ Matty called "Centralized
Logging With syslog-ng" at http://prefetch.net/presentations/CentralizedLoggingSyslogNG.pdf
