Syslog Server? Do you use one?

[Yatti420]

Ideas for a syslog server? Does anybody use this feature? Input & Ideas/Opinions welcome!...

Thanks,

 

[Yatti420]

This looks promising.. www.networksa.org/?p=318


I went the jail route however and I have a packaged syslog collector - it's working in a jail currently.. Now to get it to run on startup and not have the standard syslogd in the way..

 

[Yatti420]

The only thing left now is to have the daemon startup with appropriate "options" on startup (there is no config file) . I probably could of made syslogd do remote collecting but it looked complicated.. I just wanted to add a package and use it.. Been successful so far..

Might have to do some reading on rc & init and set something up for the jail..

I didn't want to have a syslog server on a client pc so I really wanted to use freenas / jail and some packaged software.. Seems sucessful so far..

 

[Yatti420]

Top from jail #2.. Should I be worried about high PID count?

 

[Yatti420]

http://www.manualpages.de/FreeBSD/FreeBSD-ports-9.0-RELEASE/man8/minirsyslogd.8.html

root@syslogjail:/ # minirsyslogd --daemon --maxfilesize 2000 --pidfile /var/run/minirsyslogd.pid --umask 007 --split day --rootdir /mylogs/

Works fine when I run it via putty..

Code:

minirsyslogd startup: version="1.02" pid=6366 uid=0 gid=0 euid=0 egid=0
minirsyslogd settings: rootdir="/mylogs" maxopen=50 port=514 maxopenspersec=200 split=hour recvmode=split
minirsyslogd startup: backgrounding (daemonizing)

I want to run this as startup however automatically.. Still plugging away at learning rc.d etc.. If anybody could help me out or make sure I'm headed in the right direction that would be great.. Thanks,

 

[Yatti420]

Still having troubles with rc.d and starting minirsyslogd automatically on jail boot.. I havent made any changes can easily launch/control from shell it's just the silly autostart..

 

[Yatti420]

I like the structure though..

 

[Yatti420]

I've finally nailed the startup script using some examples and reading the rc.d info.. It works for me by I doubt its portable or "valid" currently.. Used this as reference.. I'm sure there is an easier way to get this going somehow..

Code:

#!/bin/sh
 
# PROVIDE: minirsyslogd
# REQUIRE: NETWORKING
 
. /etc/rc.subr
 
name="minirsyslogd"
rcvar=`set_rcvar`
start_cmd="minirsyslogd_start"
stop_cmd=":"
 
load_rc_config $name
 
minirsyslogd_start()
{
    if checkyesno ${rcvar}; then
    /usr/local/sbin/minirsyslogd --daemon --maxfilesize 2000 --pidfile /var/run/minirsyslogd.pid --umask 007 --split day --rootdir /mylogs/
    fi
}
 
run_rc_command "$1"

This was placed in /usr/local/etc/rc.d/ to keep it separate from base jail.. I still get issues with connectivity when the system reboots.. and before the jail is booted? I guess there is no way around this? Once it's booted looks like it picks up and everything sends.. The syslogd that comes with the jail should be capable of doing this.. Not sure about structuring files etc though..

Edit:
added to rc.conf
syslogd_enable="No" #to disable jail syslogd (no need for local logging - jail dedicated to minirsyslogd)
minirsyslogd_enable="YES"

Lots of important notes if you want to use minirsyslogd..

Works great for capturing all freenas syslogs (including jails if you configure it).. Routers.. My ubuntu PC.. Anything else you can find with syslog.. Always wanted one of these setup :)

 

[Michail Velev]

I not see minirsyslogd, but I install manualy ...
Work perfect! :)
Thanks ;)

 

[Paranoiak]

I have set up a syslog server on my Intel NUC (Winows 8.1) to monitor my FreeNAS and it works great ! It is FREE until 5 sources.

E-mail alerts are working so far, it was the most important feature IMHO.

http://www.snmpsoft.com/syslogwatcher/syslog-server.html

Very simple, highly recommended.