Server :: How Clients Handle Offline Syslog Servers
Apr 19, 2011
How do clients handle offline syslog servers? Will the log files be buffered locally to be sent to the syslog server when it comes back online, or will any log data generated during downtime be lost in cyber space?
I am thinking about installing rsyslog using yum, but I only want to try it out first and don't want to create conflicts and problems that will be hard to revert. When I ask yum on CentOS 5 about rsyslog, I get this (note much older version - it's too bad that even the latest STABLE rsyslog isn't in the repository):
I installed syslog-ng so I can receive remote logs. This is working; however, since I disabled syslog on my syslog-ng server I am not logging in /var/log/messages, cron and some others (locally). I know this is because my syslog-ng.conf only references remote and not local. How can I edit the syslog-ng.conf file so that I can receive remote and local? I tried this; however, when adding in portions of the default config, I only receive local and not remote logs anymore. I am forwarding my config.
# syslog-ng configuration file.
#
# This should behave pretty much like the original syslog on RedHat. But
I'm guessing it's possible but I can't seem to find any documentation on how to do this. I've tried playing with entries at the top of my syslog.conf file like:
*.* @172.20.10.1                  # 1 server, works fine
*.* @172.20.10.1,172.20.20.11     # doesn't work
*.* @172.20.10.1 172.20.20.11     # nor this
*.* @172.20.10.1,@172.20.20.11    # nor this
*.* @172.20.10.1 @172.20.20.11    # nor this
I am looking for an open source syslog server which accumulates each and every log of Windows, Solaris, Linux and network devices. Currently I am using Syslog-ng, which is not fulfilling my requirement for Windows clients, as I need the logs of every action which the user performed after logon.
My server and clients (NFS and NIS) are under continuous attack via ssh. Somebody is trying to guess the password and login, and making port 22 busy. What are the different ways to stop this attack? I am thinking of blocking this IP in iptables, but I have no good idea how because I have not done this before. Are there any special considerations I have to take while doing this? How is it done and which file does it modify?
I installed and configured LDAP server and client on RHEL5 successfully. The problem is that when I add more than one user on server and clients, it shows the error 'invalid user'. When I run the command:- # chown -R user:users /home/user, it shows the error 'invalid user'. by step for adding and modifying more users in ldap servers.
what cloud computing is and I think it can help me with some of my clients. I want to switch my clients from a normal Ubuntu server to an Ubuntu cloud. As of right now I have to send out a bill to them, and if they don't pay I have to shut down their service till they pay. What I would like to do is to have a cloud where I can sell them based on what they use, not a set price like it is now, and have them be able to pay their bill on the cloud, and if they miss the bill then the cloud can shut off their service till it's paid.
I don't know if this is possible, and I have looked everywhere, and all I can find is info on other businesses' billing and not how to set up a cloud to do this. I wish there was some kind of tutorial for this. If anyone can direct me to some good notes/tutorials, that would be very helpful. This could be a big changing point in my business if I can do this. It would save a lot of time and cash.
I'm trying to setup a server at home, it has some practical implications, but largely it is just to take a stab at it. But I need the help of someone with more experience than I in defining exactly what I'm looking to do.
Here's what I have: old PC running Gutsy server connected to router. Several laptops at home connected via wifi to router. All laptops running either Windows or Ubuntu. Here's what I'm looking for: The server centralizes file storage for all clients. I would likely incorporate a RAID and some synchronised imaging of the files. I also want the server to create disk images of the clients' HDDs, regardless of client OS. There would also be some shares that would be publicly accessible (myself and friends across the country would be able to access the same drive).
So I was thinking something like a corporate environment would be nice: you log into a profile that exists on the server. Like a dumb client... all data would be stored on the server. But I'm thinking that's more like a network boot and wouldn't work via wifi (or would it?). Also that wouldn't lend itself well to laptops used on the road in areas without net access. Now I'm thinking each client would have its own locally installed OS, and they would just access networked shares. I could store sensitive files on the shares, but that wouldn't provide a complete backup solution for each client.
Without rambling on any more, anyone care to throw out some ideas? I'm really just looking to see if I can do what I want. The focus is on centralizing files, securely backing up data and client OSes, and the ability to restore said images quickly.
I'm attempting to run a DHCP server on my home network to enable PXE booting for ethernet clients, but I'm having quite a few issues getting it all up and running. I'm not entirely sure what is wrong, but I keep encountering errors in syslog as follows:
Feb 27 02:26:46 servnerr-1 dhcpd: Wrote 0 leases to leases file.
Feb 27 02:26:46 servnerr-1 dhcpd:
Feb 27 02:26:46 servnerr-1 dhcpd: No subnet declaration for eth0 (192.168.1.3).
Networking is not exactly my strong suit, but I would like to get this up and running if at all possible.
I wanted to make a syslog server in Ubuntu 10.04 Desktop to collect the startup logs of all the workstations inside the local area network, which should have a similar functionality to this guide here: Debian Syslog Server. However, when editing the sysklogd, I noticed it was empty and does not have any default values, along with the /etc/syslog.conf, which also does not exist.
I got my hands on a couple old servers. An HP tc2021 and a Proliant ML110. Sure they're ancient, but I thought they would make a couple of great Ubuntu Servers for a new "start up" business I'm trying out. Now I've got to decide the best scenario to distribute the load between the two servers. I'm going to make an internal domain and will probably be running the following: Kerberos, Samba, Apache, Postfix, mysql, bind, dhcp, SVN, GCC, and Nagios. So in summary, I'll have the following roles; domain controller, web server, file server, and network monitoring services. how they would handle splitting these services up between two servers?
Is OpenBSD (4.9) "server" compatible w/ Ubuntu clients? Note: have had no problems setting up Ubuntu <> Ubuntu server client but having trouble w/ OpenBSD <> Ubuntu client. "permission denial" messages from OpenBSD server.
I've been asked by my boss to set up an Ubuntu machine that will be used as a syslog server. He wants a GUI as opposed to a CLI. He would also prefer to have it non web based. We already have Cacti installed but he is not keen on the syslog side of that. Does anyone know of any other syslog programs?
I'm trying to set up a virtual web server using Virtual PC and a net-tuts how-to. So I went ahead and downloaded Ubuntu 9.10 Server Edition, but it only comes in 64-bit, and VPC doesn't handle 64-bit. How can I get around this? I have a machine that I could set up as a server, but that is also only 32-bit.
I would like to know how many connections per sec/min/hour XAMPP can handle. I'm going to run an SMF forum on my box, because I'm not ready yet with a real server solution. System stats are: G31M-S2C; 2x2GB Kingston@920Mhz; E5200@3500Mhz; 500GB@7200 Seagate, all powered by Lucid x64. In time I will migrate to a quad, mobo with RAID support, etc., but at this point I want to know how many connections XAMPP can handle. Because of the forum's nature, I am thinking of auto-deleting topics with no new replies in 5 days to save space (there will be minimum 1 and maybe max 5 photos per thread, maximum size 2Mb for each).
On this Ubuntu 8.04.4 LTS server, I want to log the messages from a Linksys router. So I made this change to "/etc/init.d/sysklogd":
SYSLOGD="-r"
Then in "/etc/syslog.conf" I added the following to the top of the file:
Code:
if $fromhost isequal 'Linksys' then /var/log/Linksys.log & ~
Then I rebooted the server. But there is no "/var/log/Linksys.log" file.
When building 8.04 servers, I reconfigure snmpd's logging options to prevent copious low priority messages being logged whenever our network management workstation polls them. I edit /etc/default/snmpd and change line 11 from:
I wish it was under better circumstances... Every morning at 6:25am syslog-ng stops logging, right after it attempts to log rotate. It's odd... the daemon doesn't die... it gets a new PID, but doesn't write the output to /var/log/syslog. Yet if I manually restart or reload syslog-ng it works great... it's just like it doesn't like the logrotate... I have googled around and tried a few things... First I changed the postrotate in the logrotate.d/syslog-ng
I have been plagued by this for some time. How many times do you need to run chown -R user:www-data or similar on your webroot directory? I have been searching via Google and this forum. I have yet to find a definite answer on how to handle uploading and creating new files usable by apache2. Scenarios can vary. Some folks put their webroot inside a /home directory. Some users leave the default location as /var/www. I have a two-part question. Why do I often read "Apache runs as user=www-data, therefore files need to be readable by such (www-data)", but the default install in Ubuntu includes an index.html with the following?
Currently I have a syslog server that consolidates firewall logs on port 514 UDP. I also have an IDS device whose logs I wish to push to this particular syslog server so that I can retrieve my IDS logs on this server as well.
Is it possible to do so? Having syslog listening on port 514 for both firewall and IDS logs? If it is possible, will the logs be recorded in a single log file? Or will they be recorded in separate log files, i.e. firewall.log, IDS.log etc.? I wish to have them in separate individual log files, or else there will be a hard time segregating the log entries in a single file. Can anyone advise on how to achieve this?
I'm running a syslog server on Ubuntu 7.04. Can I somehow have it email me if it finds a certain thing in the log? For example, I'm running a PRI and when the PRI goes down, it logs a "DEACTIVED" in the log. I would like an email telling me this so I know to get on it and fix it.
I recently upgraded an Ubuntu server from version 8.04 to 10.04 and after a reboot the webmin and syslog-ng servers do not start at boot anymore. I can start them manually by doing /etc/init.d/webmin start and /etc/init.d/syslog-ng start and everything works fine until I reboot again. Granted, this machine is rarely rebooted, but when it is, I don't want to have to remember to start these services. I have tried a full removal of syslog-ng and reinstall but to no avail. The entries are in the rc directories like they should be and the links are valid.
I am running a headless Ubuntu 10.04 server with the 2.6.32-28-generic kernel. With no single direct cause that I can figure out, I get a high load average and the following syslog output at random intervals. Generally the load average will drop back down to normal; however, the kernel errors will still continue. What little I have been able to find has pointed to memory issues. I am not totally convinced this is the cause, as the server will be showing >50% free when the errors are happening.
I guess with major changes to syslog-ng, php-syslog going to licensing cost, and a major overhaul to the syslog plugin with Cacti, a lot of documentation was either disjointed, outdated or I just couldn't find it. This was performed on an 11.04 Ubuntu Server install. I already had Cacti up and running and just needed to make it also a syslog collector. This guide assumes you already have mysql running, and Cacti is already in place. If something looks wrong, please correct me. I am doing this from memory, trying to remember what all I had to do, and I am not a super admin.
Required Ubuntu install packages: libdbd-mysql syslog-ng
Cacti install packages: [URL]
Stop syslog-ng if you want. Changes should not take effect until you restart it. You should save the default syslog-ng configuration if you want to be safe. Below is the absolute minimum you need to get this working. Configuration on Ubuntu is located in /etc/syslog/syslog-ng.conf. Also make sure you fill in the proper username and password for mysql.
What are the solutions to consistently back up a set of VMs stored in disk images (qcow2 or raw) on a filesystem on an LVM volume (with possible snapshots)?
- Online: Ideally, I would like to send a sync to all VMs before pause and snapshot, but it seems that it's not possible with KVM (it was with Xen). The save command seemed to be an option, but it crashes some VMs. So, what do you recommend to back up these VMs online?
- Offline: Is there a command to shut down all VMs, and start them back up after snapshot/backup?