TCLUG Archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [TCLUG:9650] Logs and more logs...

On Mon, 1 Nov 1999, Ben Beuchler wrote:

> I'm trying to come up with a little more reasonable syslog plan then
> the default RH idea.  They seem to think that nothing needs to be
> logged.  About the only log that's seeing any action is the cron
> log.

I don't see anything really wrong with the RH idea myself. I like the
seperate maillog, messages, and cron. On IRIX for example just about
everything goes to /var/log/SYSLOG which I don't like. It's really a
matter of personal preference though.

> Anyone have a favorite scheme?  And it always looks cool to have a
> transparent 'tail -f' running on your desktop.  Any recommendations about
> which files are worth tailing?

If you administer enough systems you will probably want to configure a
centralized loghost such that you can get a better picture of your
network. Regarding Linux, I would start by checking out the
HOWTO/Security-HOWTO which has a slight discussion about strategies
for this.

Some of my favorite tools for watching logs are: swatch which can
monitor logfiles and perform actions when specific patterns you
specify are matched. Logger which lets you send test messages to
syslog. And although I haven't tried any of these, if you go to
freshmeat.net and do a search for 'tail' it will print out some
utilities which supposedly will allow you to montior multiple logfiles
simultaneously and display them on your root window...

> And last but certainly not least, anyway for me to monitor the logs on my
> webserver without setting up the nastily insecure NFS?  I would really
> like to have the httpd and qmail logs running on my desktop.

The following bit of info regarding qmail should help:

	http://qmail-docs.surfdirect.com.au/docs/splogger.html

But I think your out of luck regarding the webserver logs. Most modern
web server manage logging themselves. Typically writing data to the
logs in some buffer size chunk in order to improve performance. If you
get anything useful on this I would be interested also. 

Regards

					- Karl