Re: [logs] Update/copy logs to logserver (not via syslog)

From: Jeff King (peff-loganalat_private)
Date: Tue Feb 19 2002 - 06:10:23 PST

  • Next message: Lubomir.Nistor@star-21.de: "RE: [logs] hack attempts && price"

    On Mon, 18 Feb 2002, Marcus J. Ranum wrote:
    
    > It seems to me that a decent enough approach would be to implement a
    > remote file by just having a process nail a fifo and let that appear
    > to be the output file. Then never bother log-rotating again; just let
    > the process transmit the data to a remote machine as fast as it comes
    > in (encryption optional...) and let the remote machine do log rolling,
    > etc. We're not
    
    We've been using this approach at my site. In fact, you can pretty much
    ditch syslogd at that point. We've instead replaced it with an 80 line C
    program which reads datagrams and prints them to stdout. We pipe it to a
    tee-like program which writes a local copy to disk (we use DJB's
    multilog) and ships another copy to the remote logserver.
    
    The remote logserver, of course, allows nothing but the appending of log
    lines (no execution of programs is allowed, no seeking within log files,
    etc).
    
    -Jeff
    
    
    ---------------------------------------------------------------------
    To unsubscribe, e-mail: loganalysis-unsubscribeat_private
    For additional commands, e-mail: loganalysis-helpat_private
    



    This archive was generated by hypermail 2b30 : Tue Feb 19 2002 - 07:08:31 PST