On Wed, 2016-03-16 at 13:18 +0000, Matthew Newton wrote: > On Wed, Mar 16, 2016 at 10:08:34AM -0300, Fabián M Sales wrote: > > Can centralize log on a single server? I have many servers with > > Exim and > > centralize the log if I can do a much better track. > > Can make log the syslog? > > You can log to syslog directly. > > http://exim.org/exim-html-current/doc/html/spec_html/ch-log_files.htm > l > > We write locally to ensure the log is safe, and then feed that > into... > > > I Read some "Lumberjack, Logstash, and Elasticsearch" someone has > > been > > able to use? > > ...elasticsearch. Graeme wrote a decent set of blog articles that > will get you started: > https://graemef.wordpress.com/tech-stuff/exim-logstash/ > > to be honest, this is really the only way I interrogate our exim > logs now. In fact, most logs. Elasticsearch is pretty amazing. > > Matthew
As you have "many servers" I recommend that you look into something like: rsyslog (local to each Exim) -> Logstash receiver -> redis -> Logstash indexer -> Elasticsearch Use tcp to send the logs to the LS receiver. I use rsyslog but that's your choice. Receiving and manipulating the data on the fly can overwelm Logstash so by using a redis db as a queue you can smooth over peaks. The choice of syslog tcp is to ensure that if the recievers are unavailable then the syslog daemons can be made to buffer to disc as well, so you do not lose any logs. Make sure you monitor everything carefully. Nagios/Icinga have plugins that can be used for all the components. To see what Elasticsearch is doing in detail I highly recommend the "Bigdesk" plugin http://bigdesk. org/ which is easy to install on ES and gives you a web based set of charts for things like Heap Memory for the JVM. Cheers Jon Blueloop Ltd 01460 271055 https://www.blueloop.net Blueloop House, Ilchester Road, YEOVIL, BA21 3AA Registered England & Wales - 3981322 -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
