System Log Consolidation and Publishing

I was looking for a way to log events from one of my Linux firewall/routers. It had been going down at strange times and I kept having to reboot it in the morning. After a bit of searching, I've settled on the following combination of software and technology to create a viable monitoring solution:

Set up a basic LAMP server: Linux/Apache/MySQL/PHP.
Install the package syslog-ng. Configure syslog-ng to save all logs in a MySQL database. http://www.balabit.com/products/syslog_ng/
Install and configure php-syslog-ng. http://www.vermeer.org/projects/php-syslog-ng

You could also use this in conjunction with another utility, https://engineering.purdue.edu/ECN/Resources/Documents/UNIX/evtsys, to consolidate your Microsoft Windows Server logs as well. (I haven't tried that yet, though.)

There is some help available on configuring syslog-ng on the php-syslog-ng site.
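The syslog-ng side of the second step, as an added example that is not configuration from this page or from the syslog-ng or php-syslog-ng projects: a pipe() destination that turns every message into one INSERT statement for a reader process (a mysql client holding the FIFO open) to feed into the database. The table name `logs`, its column names, the pipe path and the UDP listener port are assumptions and must be matched to your own schema and reader.

```conf
# syslog-ng.conf fragment (added example; the table/column names, pipe path
# and listener port are assumptions, not values from the page)

# Local messages plus whatever the firewall/router sends to UDP/514.
source s_local { internal(); unix-stream("/dev/log"); };
source s_net   { udp(port(514)); };

# Each message becomes one INSERT line written into the FIFO. A separate
# process must keep the FIFO open for reading (e.g. mysql -u user db < pipe);
# while no reader exists, messages are queued in memory and dropped once the
# destination queue is full.
destination d_mysql {
    pipe("/tmp/mysql.pipe"
        template("INSERT INTO logs (host, facility, priority, level, tag, datetime, program, msg) VALUES ('$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC', '$PROGRAM', '$MSG');\n")
        # Log text is attacker-influenced: anyone who can log can put a quote
        # into $MSG or $PROGRAM. template_escape(yes) backslash-escapes ', "
        # and \ inside the macro values, so a message cannot close the string
        # literal and append SQL of its own. Without it this INSERT is a
        # SQL injection sink.
        template_escape(yes)
    );
};

log { source(s_local); source(s_net); destination(d_mysql); };
```

Because the statements are plain text on a FIFO, anything else able to open the pipe for writing can inject rows, so keep the FIFO in a root-owned directory with tight permissions rather than in /tmp.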

You can then search through the consolidated log for specific events, or for events from a specific server.

Startup Script for syslog-ng and MySQL

I had a problem with MySQL and syslog-ng: the MySQL pipe was not being re-read by syslog-ng if it was interrupted at all. If the file was deleted or the pipe command broke, whatever the cause, syslog-ng promptly stopped reading the file.

I had created a script run by cron to combat this but it wasn't working very well. I had also told the script to run @reboot in cron, but that wasn't working either. Most of the scripts I found on the net just weren't working for me.

So I rolled my own. Here's an init.d script to make sure the pipe is created and the logging started every time the machine boots. I even added a little 'status' indicator and stuck that in cron so it emails if there's a problem.

syslog-ng.mysql init.d script
-----

#!/bin/sh
# init.d script: keep a mysql client reading the named pipe that syslog-ng
# writes its INSERT statements into, and recreate the pipe when it is missing.
# options
MYSQLPIPE=/tmp/mysql.pipe      # must match the pipe() path in syslog-ng.conf
# NOTE: a fixed filename in world-writable /tmp can be planted by any local
# user before this script runs; a root-owned directory such as /var/run is
# safer. The FIFO is recreated below if the path is not a genuine FIFO.
USER=root                      # password comes from ~/.my.cnf; an account
                               # with only INSERT on $DB is preferable to root
DB=syslog

MYSQL=/usr/bin/mysql
PIDFILE=/var/run/syslogng.mysql

# True if $PIDFILE names a process that is still alive.
running() {
        [ -f "$PIDFILE" ] && ps -p "$(cat "$PIDFILE")" >/dev/null 2>&1
}

case "$1" in

        start)
                if running; then
                        echo "syslog-ng mysql dump already running." >&2
                        exit 0
                fi
                # (Re)create the FIFO unless a genuine FIFO is already there;
                # a symlink or regular file sitting at that path is removed.
                if [ -L "$MYSQLPIPE" ] || [ ! -p "$MYSQLPIPE" ]; then
                        rm -f "$MYSQLPIPE"
                        # { } rather than ( ): an exit inside a subshell would
                        # not stop this script.
                        mkfifo "$MYSQLPIPE" || {
                                echo "Can't create $MYSQLPIPE." >&2
                                exit 1
                        }
                fi
                echo -n "Starting syslog-ng mysql dump..."
                # Background reader. Opening the FIFO blocks until syslog-ng
                # opens it for writing, and mysql exits on EOF, i.e. whenever
                # syslog-ng closes the pipe, which is why 'status' is run from
                # cron.
                $MYSQL -u "$USER" "$DB" < "$MYSQLPIPE" &
                echo $! > "$PIDFILE"
                echo "done."
                # syslog-ng must reopen the pipe now that a reader exists.
                /etc/init.d/syslog-ng restart
                logger -is -- "Syslogng-mysql started. Process id: $(cat "$PIDFILE")"
                ;;
        stop)
                if [ -f "$PIDFILE" ]; then
                        logger -is -- "Stopping syslogng-mysql."
                        echo -n "Removing mysql pipe..." >&2
                        rm -f "$MYSQLPIPE"
                        echo -n "stopping input to database..." >&2
                        if kill "$(cat "$PIDFILE")" 2>/dev/null; then
                                echo "done." >&2
                        else
                                echo "$PIDFILE exists but process not running. Removing $PIDFILE." >&2
                        fi
                        rm -f "$PIDFILE"
                else
                        $0 status
                fi
                ;;
        status)
                # Exit non-zero on any failure so the cron job can alert on it.
                if [ ! -p "$MYSQLPIPE" ]; then
                        echo "$MYSQLPIPE is missing or not a FIFO." >&2
                        exit 1
                fi
                if running; then
                        echo "syslog-ng mysql up."
                        ps -f -p "$(cat "$PIDFILE")" | xargs -L 1 logger -is -- "Syslogng-mysql check:"
                        exit 0
                fi
                echo "syslog-ng mysql down." >&2
                [ -f "$PIDFILE" ] && echo "$PIDFILE exists but process not running." >&2
                exit 1
                ;;
        restart)
                $0 stop
                sleep 5
                $0 start
                ;;
        *)
                echo "Usage: $0 {start|stop|status|restart}" >&2
                exit 3
                ;;
esac
exit 0

crontab
-----

# /etc/crontab entry: check hourly. cron runs the command with /bin/sh and a
# nearly empty environment, so the host name comes from $(hostname), not
# $HOSTNAME, and the alert body is generated inline rather than read from a file.
10 * * * *      root    /etc/init.d/syslog-ng.mysql status >/dev/null 2>&1 || echo "syslog-ng.mysql status check failed on $(hostname) at $(date)" | mail -s "ALERT: syslogng on $(hostname) is down." you@yourhostname.org