[TriLUG] rotate logs to another device? WAS: Re: centralized logging

Wed Jan 20 09:00:27 EST 2010

Yes. I'm concerned about the magic numbering scheme that logrotate  
uses (e.g. messages.1.gz)... do I have to worry about the count?

JJ

On Jan 19, 2010, at 5:23 PM, Ron Kelley wrote:

> Can you map the SAN share as a LUN and rsync your files?
>
> Thanks,
>
> -Ron
> Sent from my iPhone
>
> On Jan 19, 2010, at 15:27, Josh Johnson <josh_johnson at unc.edu> wrote:
>
>> I've gone ahead with syslog-ng and I really like it.
>>
>> I have a ton of space on a SAN. What I'd like to do is have excess  
>> logs get moved over to the SAN on a regular basis. Im going to dig  
>> into the syslog-ng docs and see if it can handle this sort of  
>> mirror/split-brain setup, but this seems like a common enough use  
>> case (at least, I think so!), so I'd like to hear what other people  
>> are doing.
>>
>> logrotate won't rotate to another device. Does anyone have any  
>> pointers or suggestions to putting together a cron job or something  
>> to do handle this?
>>
>> I like having the logs handy for quick debugging/checking, but then  
>> have a relatively  large store for historical logs that will get  
>> crunched from time to time. I also don't want logging to fail if  
>> the SAN has gone down (or I'd just put all the logs directly on the  
>> SAN).
>>
>> Thanks,
>> JJ
>>
>> On Jan 13, 2010, at 10:00 AM, Clay Stuckey wrote:
>>
>>> I used syslog-ng before with great results. It had lots of  
>>> features such as logging to a db as well as log relaying with  
>>> spoofed source.
>>>
>>> --
>>> Clay Stuckey
>>> (919) 600-0486
>>> claystuckey at gmail.com
>>>
>>> On Jan 13, 2010, at 9:22 AM, Josh Johnson <josh_johnson at unc.edu>  
>>> wrote:
>>>
>>>> I want to collect various server logs into a centralized place.  
>>>> What's the best way to do this? What should I keep in mind when  
>>>> migrating to a centralized logging infrastructure?
>>>>
>>>> I've been looking at syslog-ng and rsyslogd. I've got a  
>>>> combination of RHEL 5 and Ubuntu machines.
>>>>
>>>> The primary reason why I need this is because I've got SAN  
>>>> hardware that will send syslog messages over the SAN network when  
>>>> drives are getting close to failure or have failed (the docs say  
>>>> I can get a fairly early warning).
>>>>
>>>> I'm also going to deploy some web applications that generate lots  
>>>> of logs and will need to be periodically checked to extract usage  
>>>> statistics and diagnose usability issues.
>>>>
>>>> Thanks,
>>>> JJ
>>>> --
>>>> TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
>>>> TriLUG FAQ  : http://www.trilug.org/wiki/Frequently_Asked_Questions
>>> --
>>> TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
>>> TriLUG FAQ  : http://www.trilug.org/wiki/Frequently_Asked_Questions
>>>
>>
>> --
>> TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
>> TriLUG FAQ  : http://www.trilug.org/wiki/Frequently_Asked_Questions
> --
> TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG FAQ  : http://www.trilug.org/wiki/Frequently_Asked_Questions
>