View Issue Details

IDProjectCategoryView StatusLast Update
0000697Community.cacert.orgpublic2009-06-15 12:27
ReporterDaniel Black Assigned ToDaniel Black  
PrioritynormalSeverityfeatureReproducibilityalways
Status needs workResolutionopen 
Summary0000697: centralised logging for the community/lists/email/webmail set of servers
Descriptioncentralising logging adds some integrity to the logs generated. The following steps allow a log server to capture multiple logs. The second step is to allow the vserver guests read only access.
Additional Informationinstall syslog-ng
configure as follows:

following configuration in /etc/syslog-ng/syslog-ng.conf.

source s_all {
internal();
unix-stream("/dev/log");
file("/proc/kmsg" log_prefix("kernel: "));
udp();
};

# some standard log files - small variation of default configuration
destination df_auth { file("/var/log/$HOST/auth.log"); };
destination df_syslog { file("/var/log/$HOST/syslog"); };
destination df_cron { file("/var/log/$HOST/cron.log"); };
destination df_daemon { file("/var/log/$HOST/daemon.log"); };
destination df_kern { file("/var/log/$HOST/kern.log"); };
destination df_lpr { file("/var/log/$HOST/lpr.log"); };
destination df_mail { file("/var/log/$HOST/mail.log"); };
destination df_user { file("/var/log/$HOST/user.log"); };
destination df_uucp { file("/var/log/$HOST/uucp.log"); };

...
destination df_debug { file("/var/log/$HOST/debug"); };
destination df_messages { file("/var/log/$HOST/messages"); };
destination df_apache_errors { file("/var/log/$HOST/apache_errors"); };
destination df_apache_access { file("/var/log/$HOST/apache_access"); };
destination df_sympa { file("/var/log/$HOST/sympa"); };

...

filter f_apache_errors { facility(local0); };
filter f_apache_access { facility(local1); };
filter f_sympa { facility(local3); };

log {
source(s_all);
filter(f_apache_errors);
destination(df_apache_errors);
};

# apache.access /var/log/apache_accesss
log {
source(s_all);
filter(f_apache_access);
destination(df_apache_access);
};


# sympa /var/log/$HOST/sympa
log {
source(s_all);
filter(f_sympa);
destination(df_sympa);
};


to ensure rotation
/etc/logrotate.d/syslog-ng on the server are like:

/var/log/*/auth.log {
rotate 65535
dateext
missingok
notifempty
weekly
compress
}


vserver guests only need to be like (replacing HOSTIP with an IP):
/etc/syslog.conf

# Apache error log
local0.* @HOSTIP
# Apache access log
local1.* @HOSTIP
# sympa logs /etc/sympa/facility
local3.* @HOSTIP
*.* @HOSTIP
TagsNo tags attached.

Activities

Daniel Black

2009-03-02 10:11

developer   ~0001287

and making the logs viewable on the vserver guests again:

editing the /etc/vservers/{servername}/fstab with an entry like:
/var/log/{IP} /var/log/remote none ro,bind 0 0

will create a readonly view of the syslog in the directory /var/log/remote on the vserver guest.

To effect this change:
/usr/sbin/vmount {vserver-name} -a

Issue History

Date Modified Username Field Change
2009-03-02 10:10 Daniel Black New Issue
2009-03-02 10:11 Daniel Black Note Added: 0001287
2009-03-09 05:02 Daniel Black Status new => needs work
2009-03-09 05:02 Daniel Black Assigned To => Sourcerer
2009-06-15 12:27 Daniel Black Assigned To Sourcerer => Daniel Black