| 1 |
Tanstaafl <tanstaafl <at> libertytrek.org> writes: |
| 2 |
|
| 3 |
|
| 4 |
> I'm very interested in what are best practices, and what others do as |
| 5 |
> far as separating out different types of messages in their logs. |
| 6 |
|
| 7 |
First list all of your resources you are going to monitor: |
| 8 |
webservers? DNS activity/servers? Security? Specific ports? |
| 9 |
Users? |
| 10 |
|
| 11 |
Networks product a cornicopia of data to collect, monitor, store |
| 12 |
and analyze. |
| 13 |
|
| 14 |
> I've always just sent everything to /var/log/messages, and this is not a |
| 15 |
> very heavily loaded box so it hasn't been a big problem, but I'm working |
| 16 |
> on a new server and would like to do some separation. |
| 17 |
|
| 18 |
Ok, if your network is expanding and you've listed what you |
| 19 |
need to do, then look for tools that will help make sense, quickly |
| 20 |
of all of that logged data: |
| 21 |
|
| 22 |
reportmagic, analog, awstats, just to nake a few. |
| 23 |
|
| 24 |
> I'd still like everything to go to /var/log/messages, but I'd like to |
| 25 |
> also send certain types of messages to different logs to simplify |
| 26 |
> troubleshooting, etc - ie, I often peruse the logs with: |
| 27 |
|
| 28 |
> egrep '(reject|warning|error|fatal|panic):' /var/log/messages |
| 29 |
|
| 30 |
If you use custom (CLI) or scripts, you'll need to think about |
| 31 |
collecting that up and what sort of analysis you want/need to run. |
| 32 |
|
| 33 |
|
| 34 |
> But I'd like to actually feed all of those messages to a separate log, |
| 35 |
> for easier tailing. |
| 36 |
|
| 37 |
systemd is clouding these issue versus syslog(ng). so whether or not you are |
| 38 |
or are planning to use systemd is also a factor you need to incorporate |
| 39 |
into you decision. If you are currently using cron, plan on moving to |
| 40 |
"cronie" as it is actively maintained and cron is not. |
| 41 |
|
| 42 |
There are many, many different and valid approaches to this |
| 43 |
issue, so first go out and read about ideas related to what your |
| 44 |
need to do (Googling is your friend). Collecting up data, into |
| 45 |
a singular file allows you to see what occurs in a chronological |
| 46 |
fashion, and is easiest for a small netowrk. |
| 47 |
|
| 48 |
Once you go creating many different log files, you now need to |
| 49 |
develop a strategy to priortize what you need to monitor. |
| 50 |
|
| 51 |
Are you reviewing these logs file, by hand? Dailey, weeking |
| 52 |
or real time monitoring? What is your first priority? |
| 53 |
Security? System Admin(resource utilization)? keeping an ecomerce |
| 54 |
server/farm fast and responsive? Following you hacker budies around |
| 55 |
the net? (inside your net?)...... |
| 56 |
|
| 57 |
DEFINE what you need to do first. Then look for tools to ease |
| 58 |
the job. Implement, test, refine...... "rinse and repeat". |
| 59 |
|
| 60 |
What you are asking, is a life_long quest for most of us, it's never |
| 61 |
done, always there and fundamental to running large amounts of |
| 62 |
hardware and software, hopefully in a pristine manner. |
| 63 |
|
| 64 |
Oh yea, learn abount "managed switches" and keeping track of what's |
| 65 |
going on inside of your routers, too. |
| 66 |
|
| 67 |
http://sixrevisions.com/tools/10-free-server-network-monitoring-tools-that-kick-ass/ |
| 68 |
|
| 69 |
http://www.jffnms.org/ |
| 70 |
|
| 71 |
> Charles |
| 72 |
|
| 73 |
hth, |
| 74 |
James |
Archives