Re: Better Syslog server

On Mon, 17 Mar 2003, Matt Harris wrote:

> I've been looking a bit on google/sourceforge/etc to try and find a more

The code is a shambolic mess, but you might like to pick up http://www.batten.eu.org/~igb/syslogd.tar.gz at some point. On Linux is runs fine on its own, on Solaris you need /usr/sbin/syslogd -t running to pick up the stuff on the syslog door. I don't feed that back around into my code, I just take it out to a file, as the log of the logging machine isn't wildly interesting. You put the code in /var/syslogd/bin.

/var/syslogd/syslogd.conf is something like:

ignore imapd|pop3d|lpd/INFO
ignore eric.ftel.co.uk/sendmail/*

You get a tree built below /var/syslogd/messages broken down by date, host and facility. Each line is time-stamped to the microsecond to make sorting easier. You need hosts, protocols and services in /var/syslogd/etc as it all runs chroot'd to /var/syslogd, setuid syslog setgid syslog.

I've hacked it up over the years, but it's been running in production here taking the logs from about a hundred machines, including big production mail systems, for the eighteen months.

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

ian Received on Fri Mar 21 16:22:51 2003