SUMMERY: Logging System.

From: Jassim (
Date: Sat Oct 14 2000 - 01:33:49 CDT

Thanks goes to the following:
Bill Bartlett, Bertrand HUTIN, Thomas Vincent, Jay Lessert, Joel Lee, Karl Vogal.

The general Idea was to edit the "/etc/syslog.conf" file, in order to redirect the logs to the remote machine. This is for the Solaris Machines.

As for the NT machines, no one seems to know weather its possible or not, guess I have to refer to Bill G. ;-)

Also I didn't get enough info. for the application logging part, but I would guess that this is dependent on the application itself.

I didn't know that there were many other people sharing me the same need,, ;-)

following are the replies, (Reinaldo and Pete ,,,Enjoy):


Bill Bartlet wrote:

I've actually done this at my current place of employment, and it's really not
that difficult using syslog itself to do all the work. First, setup a 'secure'
machine where there are minimal logins, only ssh allowed, most everything other
than ssh and syslog closed, so that you don't have to worry about any extra
traffic coming to your logging system. Once that is setup, simply edit
/etc/syslog.conf on the remote machines, and depending on what you want to log,
the entry may look like this:

*.crit;auth.notice;user.none;local2.debug @remote_logging_host

That happened to be an example from our setup, but you can obviously choose
whichever messages you'd like to be logged. Then, to finish things up, on the
logging host, you setup which file(s) you want the external syslogs to go to,
then kill -1 syslogd on each of the machines, starting with the loghost. This
should work fine. I do realize this is a poorman's way of doing it, however it
is effective, and very quick to setup. Please don't hesistate to ask if you
need anything further.

Burtrand Hutin wrote:

syslog is able to do this, just add on the line @machine : the message will be
sent to syslog on machine.

Thomas Vincent wrote:

We use rsync. Just rsync the logs off to a centeral machine over
ssh. There is a way to do it without rsync. You can specify a machine as a
loghost in /etc/hosts . Usually this is set to he localhost.

Jay Lessert wrote:

Easy on Solaris. Don't know about NT.

Your system logs are already controlled by /etc/syslog.conf.
If, for example, instead of the default entries:

    *.err;kern.notice;auth.notice /dev/sysmsg
    *.err;kern.debug;daemon.notice;mail.crit /var/adm/messages

you had this on all your client boxes:

    *.err;kern.notice;auth.notice @logserv
    *.err;kern.debug;daemon.notice;mail.crit @logserv

then those log messages would be forwarded to host "logserv".

You'll want to spend some time playing with this, noticing what
happens when logserv is down, etc. You will probably want
to have logserv hard-wired in /etc/hosts.

Joel Lee wrote:

If your applications writes the log using the syslog facility, then you can
modify syslog.conf to control where it's going,

eg, *.notice @remote

Karl Vogal wrote:

We have several Sun boxes all logging to a PC running FreeBSD. You need
   an entry in your /etc/syslog.conf file something like this:


   The loghost should not have any other production tasks, if possible; no
   user logins, mail handling, etc.

   I use a vastly-stripped-down version of syslogd which does nothing but
   read from the syslog device and the kernel log and write to stdout;
   other programs handle timestamping records and appending them to the
   correct files. The command line looks something like this:

      syslogd | accustamp | tailocal | cyclog /logs/daily

   "accustamp" writes an accurate timestamp, "tailocal" changes it into
   something that's human-readable, and "cyclog" stores the log entries in
   dated files called /logs/daily/YYYY-MM-DD. A typical log entry might
   look something like this:

      2000-10-11 16:19:55.740387 p37 f3 somehost some-message-here
                                 priority and facility

Original Message:


I was requested to develop a Central Logging System of all our servers and Application. To make it more clear, all our servers system log's and the applications log should be redirected to a specific machine with a large storage.
My question is has anyone done this before, if so then how was it implemented? and what are the impacts that I might expect?

Our Servers consist of various SUN boxes all running Solaris 2.6 HD 5/98 and some Compaq's running NT 4.


Jassim Seyadi


U BEFORE POSTING please READ the FAQ located at
. and the list POLICY statement located at
A To submit questions/summaries to this list send your email message to:
A To unsubscribe from this list please send an email message to:
E and in the BODY type:
R unsubscribe sun-managers
S Or
. unsubscribe sun-managers original@subscription.address
L To view an archive of this list please visit:

This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:14:20 CDT