Firewall Wizards mailing list archives
RE: centralised log server
From: "Desai, Ashish" <Ashish.Desai () fmr com>
Date: Mon, 6 Dec 1999 10:33:31 -0500
We just copy them to a central server (after compressing them) via SSH. I don't know how we deal with the NT stuff as that depends on the applications. For NT its very hard to do central collections of the NT events and the event codes are stored in the program DLL's. However there are tools that can take NT events and convert them and forward them to a syslog server. The trick is to properly define a directory structure that can scale up. We normally make a subdirectory for every virtual web server or services and then in there store files is named as YYYYMMDD.gz. This allows us to write shell scripts that can parse thru different logs files based on time. Remember not to store more than a 1000 files per directory as you get performance issues in directory look ups. Ashish
-----Original Message----- From: Shaun Moran [SMTP:Shaun () TheMorans Com] Sent: Saturday, December 04, 1999 10:51 AM To: firewall-wizards () nfr net Subject: centralised log server Hi, What products are people using to keep there log files central ??? Scenario is - multiple products that keep log files locally. Some products keep multiple files in a single directory (eg: access.log, audit.log, etc etc). What I want is a separate server that houses all these log files and a SECURE way to get these files to this server. An the bad news is the there are Windows NT as well as Unix systems involved. I was hoping that there is some nice commercial log server product that has agents (NT and/or UNIX) on the remote application server that monitor the log log files for changes and transmits them to the centralised log server with some form of secure protocol. Does anybody know of such a product - what are people doing to stop having 50 separate boxes with logs ??? Thanks - Shaun
Current thread:
- centralised log server Shaun Moran (Dec 05)
- Re: centralised log server dreamwvr (Dec 06)
- <Possible follow-ups>
- RE: centralised log server Desai, Ashish (Dec 06)
- RE: centralised log server sedwards (Dec 07)
- Re: centralised log server Stefan . Esser (Dec 07)
- RE: centralised log server Stefan Norberg (Dec 08)