Tanstaafl <tanstaafl <at> libertytrek.org> writes:

> I'm very interested in what are best practices, and what others do as
> far as separating out different types of messages in their logs.

First list all of your resources you are going to monitor:
webservers? DNS activity/servers? Security? Specific ports?
Users?

Networks produce a cornucopia of data to collect, monitor, store
and analyze.

> I've always just sent everything to /var/log/messages, and this is not a
> very heavily loaded box so it hasn't been a big problem, but I'm working
> on a new server and would like to do some separation.

Ok, if your network is expanding and you've listed what you
need to do, then look for tools that will help make sense, quickly,
of all of that logged data:

reportmagic, analog, awstats, just to name a few.

> I'd still like everything to go to /var/log/messages, but I'd like to
> also send certain types of messages to different logs to simplify
> troubleshooting, etc - ie, I often peruse the logs with:

> egrep '(reject|warning|error|fatal|panic):' /var/log/messages

If you use custom (CLI) or scripts, you'll need to think about
collecting that up and what sort of analysis you want/need to run.

> But I'd like to actually feed all of those messages to a separate log,
> for easier tailing.

systemd is clouding these issues versus syslog(ng), so whether or not you are
or are planning to use systemd is also a factor you need to incorporate
into your decision. If you are currently using cron, plan on moving to
"cronie" as it is actively maintained and cron is not.

There are many, many different and valid approaches to this
issue, so first go out and read about ideas related to what you
need to do (Googling is your friend). Collecting up data into
a singular file allows you to see what occurs in a chronological
fashion, and is easiest for a small network.

Once you go creating many different log files, you now need to
develop a strategy to prioritize what you need to monitor.

Are you reviewing these log files by hand? Daily, weekly
or real time monitoring? What is your first priority?
Security? System Admin (resource utilization)? Keeping an ecommerce
server/farm fast and responsive? Following your hacker buddies around
the net? (inside your net?)......

DEFINE what you need to do first. Then look for tools to ease
the job. Implement, test, refine...... "rinse and repeat".

What you are asking is a life-long quest for most of us, it's never
done, always there and fundamental to running large amounts of
hardware and software, hopefully in a pristine manner.

Oh yea, learn about "managed switches" and keeping track of what's
going on inside of your routers, too.

http://sixrevisions.com/tools/10-free-server-network-monitoring-tools-that-kick-ass/

http://www.jffnms.org/

> Charles

hth,
James
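The routing Charles describes (everything still lands in one combined /var/log/messages, while lines matching his egrep pattern are copied to a separate file for tailing, and per-service lines get their own files) can be prototyped outside of syslog-ng to see how the filter behaves before committing it to a daemon config. The script below is an added example written for this page, not code from either poster; the syslog lines in SAMPLE_LINES are constructed, and the per-program stream names are an assumption. It reuses the exact pattern from the question and also exposes a case-insensitive variant, because the original pattern silently misses lines such as "ERROR: ..." from programs that capitalise their severity.

```python
"""Fan syslog-style lines out to several streams: a combined 'messages'
stream (chronological view of everything), an 'errors' stream selected by
the egrep pattern from the question, and one stream per listed program.
Added example for this thread, not from the original posters."""
import re
from collections import defaultdict

# Pattern copied from the question's egrep command. It is case-sensitive and
# requires a colon immediately after the keyword, so "ERROR:" or "error -"
# never reach the errors stream with this pattern.
ERROR_PATTERN = re.compile(r'(reject|warning|error|fatal|panic):')
# Same keywords, case-insensitive: catches daemons that shout their severity.
ERROR_PATTERN_NOCASE = re.compile(ERROR_PATTERN.pattern, re.IGNORECASE)

# Traditional BSD syslog line: "Mon DD HH:MM:SS host program[pid]: text"
SYSLOG_LINE = re.compile(
    r'^(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) '
    r'(?P<host>\S+) '
    r'(?P<prog>[^\[:\s]+)(?:\[(?P<pid>\d+)\])?: '
    r'(?P<msg>.*)$'
)

# Constructed sample lines (hosts and addresses are documentation values).
SAMPLE_LINES = [
    "Mar  3 10:15:01 mail postfix/smtpd[2231]: NOQUEUE: reject: RCPT from "
    "unknown[192.0.2.10]: 554 5.7.1 Relay access denied",
    "Mar  3 10:15:02 mail postfix/qmgr[1180]: A1B2C3: from=<user@example.com>, "
    "size=1024, nrcpt=1 (queue active)",
    "Mar  3 10:15:05 mail sshd[2290]: Accepted publickey for charles from "
    "192.0.2.7 port 51022 ssh2",
    "Mar  3 10:15:09 mail named[900]: client 192.0.2.20#5353: query (cache) "
    "'example.com/A/IN' denied",
    "Mar  3 10:15:11 mail kernel: EXT4-fs error: failed to read block bitmap",
    "Mar  3 10:15:12 mail cron[1002]: (root) CMD (run-parts /etc/cron.hourly)",
    "Mar  3 10:15:13 mail httpd[3100]: ERROR: config reload failed",
]


def parse(line):
    """Split one syslog line into ts/host/prog/pid/msg; None if not BSD format."""
    m = SYSLOG_LINE.match(line)
    return m.groupdict() if m else None


def route(lines, pattern=ERROR_PATTERN, per_program=('postfix', 'sshd', 'named')):
    """Return a dict stream-name -> list of lines.

    'messages' receives every line, 'errors' receives lines matching
    `pattern` (searched over the whole line, as egrep does), and programs
    listed in per_program get their own '<prog>.log' stream. A program name
    such as 'postfix/smtpd' is keyed by its first component, 'postfix'.
    """
    streams = defaultdict(list)
    for line in lines:
        streams['messages'].append(line)
        if pattern.search(line):
            streams['errors'].append(line)
        fields = parse(line)
        if fields:
            base = fields['prog'].split('/')[0]
            if base in per_program:
                streams[base + '.log'].append(line)
    return dict(streams)


def stream_sizes(lines, pattern=ERROR_PATTERN):
    """Line count per stream, handy for checking a filter before deploying it."""
    return {name: len(entries) for name, entries in route(lines, pattern).items()}


if __name__ == '__main__':
    for name, count in sorted(stream_sizes(SAMPLE_LINES).items()):
        print(f'{name:14} {count}')
    missed = stream_sizes(SAMPLE_LINES, ERROR_PATTERN_NOCASE)['errors'] \
        - stream_sizes(SAMPLE_LINES)['errors']
    print(f'lines the case-sensitive pattern misses: {missed}')
```

Running it shows the combined stream keeping all seven lines, the errors stream picking up the postfix reject and the kernel "error:" line, and one line that the original pattern drops because of its capitalised "ERROR:". That last count is the kind of check worth doing on a day of real logs before choosing which variant of the filter goes into the syslog-ng or rsyslog rule.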