Re: [FUG-BR] RES: Syslog server suggestion

2014-03-26 Thread Nilton Jose Rizzo
Honestly, why not use the system's syslogd?



SYSLOGD(8)  FreeBSD System Manager's Manual SYSLOGD(8)

NAME
 syslogd — log systems messages

SYNOPSIS
 syslogd [-468ACcdkNnosTuv] [-a allowed_peer] [-b bind_address]
 [-f config_file] [-l [mode:]path] [-m mark_interval]
 [-P pid_file] [-p log_socket]

DESCRIPTION
 The syslogd utility reads and logs messages to the system console, log
 files, other machines and/or users as specified by its configuration
 file.

skip

-a allowed_peer
 Allow allowed_peer to log to this syslogd using UDP datagrams.
 Multiple -a options may be specified.

 The allowed_peer option may be any of the following:

 ipaddr/masklen[:service]
     Accept datagrams from ipaddr (in the usual dotted quad
     notation) with masklen bits being taken into account when
     doing the address comparison.  ipaddr can be also IPv6
     address by enclosing the address with ‘[’ and ‘]’.  If
     specified, service is the name or number of an UDP service
     (see services(5)) the source packet must belong to.  A
     service of ‘*’ allows packets being sent from any UDP port.
     The default service is ‘syslog’.  If ipaddr is IPv4 address,
     a missing masklen will be substituted by the historic class A
     or class B netmasks if ipaddr belongs into the address range
     of class A or B, respectively, or by 24 otherwise.  If ipaddr
     is IPv6 address, a missing masklen will be substituted by 128.

 domainname[:service]
     Accept datagrams where the reverse address lookup yields
     domainname for the sender address.  The meaning of service is
     as explained above.

 *domainname[:service]
     Same as before, except that any source host whose name ends
     in domainname will get permission.

 The -a options are ignored if the -s option is also specified.

-b bind_address[:service]

-b :service
 Bind to a specific address and/or port.  The address can be
 specified as a hostname, and the port as a service name.  If an
 IPv6 address is specified, it should be enclosed with ‘[’ and ‘]’.
 The default service is ‘syslog’.



FreeBSD itself has this, so why reinvent the wheel?


Rizzo

-
Archive: http://www.fug.com.br/historico/html/freebsd/
Leave the list: https://www.fug.com.br/mailman/listinfo/freebsd
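How the ipaddr/masklen[:service] form of -a quoted above resolves, as an added example that is not part of the original message and is not syslogd's own code. It models only the rules in the manual excerpt; the function names are assumptions, and the domainname forms are not covered. Note that a bare 10.x.x.x address with no masklen admits the whole /8.

```python
import ipaddress
import socket

SYSLOG_PORT = 514  # UDP port of the 'syslog' service, the default per the excerpt

def parse_allowed_peer(spec):
    """Resolve 'ipaddr[/masklen][:service]' to (network, port); port None = any."""
    if spec.startswith("["):                       # IPv6 is enclosed in [ ]
        addr, _, rest = spec[1:].partition("]")
    else:
        cut = min((spec.find(c) for c in "/:" if c in spec), default=len(spec))
        addr, rest = spec[:cut], spec[cut:]
    mask, _, service = rest.partition(":")
    ip = ipaddress.ip_address(addr)
    if mask:                                       # explicit "/masklen"
        bits = int(mask[1:])
    elif ip.version == 6:                          # missing masklen on IPv6
        bits = 128
    else:                                          # historic class A / class B, else 24
        first = int(addr.split(".")[0])
        bits = 8 if first < 128 else 16 if first < 192 else 24
    network = ipaddress.ip_network(f"{ip}/{bits}", strict=False)
    if service == "*":                             # any source UDP port
        port = None
    elif service in ("", "syslog"):
        port = SYSLOG_PORT
    elif service.isdigit():
        port = int(service)
    else:                                          # other names come from services(5)
        port = socket.getservbyname(service, "udp")
    return network, port

def is_allowed(specs, src_ip, src_port):
    """True if a datagram from src_ip:src_port matches any -a spec in specs."""
    src = ipaddress.ip_address(src_ip)
    for spec in specs:
        network, port = parse_allowed_peer(spec)
        if src.version == network.version and src in network and port in (None, src_port):
            return True
    return False
```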


Re: [FUG-BR] RES: Syslog server suggestion

2014-03-26 Thread Denis Granato
I agree with Nilton.

Here on my network I use the native syslog, and log analyzer to view it
on the web.

Regards




Re: [FUG-BR] RES: Syslog server suggestion

2014-03-26 Thread Patrick Tracanelli

--
Patrick Tracanelli

FreeBSD Brasil LTDA.
Tel.: (31) 3516-0800
316...@sip.freebsdbrasil.com.br
http://www.freebsdbrasil.com.br
Long live Hanin Elias, Kim Deal!

On 26/03/2014, at 16:46, Nilton Jose Rizzo ri...@i805.com.br wrote:

 Honestly, why not use the system's syslogd?
 
[snip]
 FreeBSD itself has this, so why reinvent the wheel?

I agree. With BSD syslog you can pipe to an external program, and from there
the sky is the limit. A simple example:

syslog.conf:
*.* | cat - >> /tmp/syslog

% echo uia | logger
% tail /tmp/syslog
Mar 26 16:51:54 main kernel: ipfw: 10 Accept UDP [::1]:50748 [::1]:50748 out via lo0
Mar 26 16:51:54 main kernel: ipfw: 10 Accept UDP [::1]:50748 [::1]:50748 in via lo0
Mar 26 16:51:54 main kernel: ipfw: 10 Accept UDP [::1]:50748 [::1]:50748 out via lo0
Mar 26 16:51:54 main kernel: ipfw: 10 Accept UDP [::1]:50748 [::1]:50748 in via lo0
Mar 26 16:51:54 main kernel: ipfw: 10 Accept UDP [::1]:50748 [::1]:50748 out via lo0
Mar 26 16:51:54 main kernel: ipfw: 10 Accept UDP [::1]:50748 [::1]:50748 out via lo0
Mar 26 16:51:54 main kernel: ipfw: 10 Accept UDP [::1]:50748 [::1]:50748 in via lo0
Mar 26 16:51:54 main kernel: ipfw: 10 Accept UDP [::1]:50748 [::1]:50748 in via lo0
Mar 26 16:52:07 main kernel: ipfw: 145 Deny UDP 10.69.69.253:65534 201.48.151.193:123 in via em0
Mar 26 16:52:10 main eksffa: uia

In other words, from there on you can put your logs in PgSQL or MongoDB, handle
them however you like in an open log consolidation system (like the Cacti
syslog plugin), or whatever you build in-house to get ready for the Marco
Civil, hehehe...

There really is no reason to reinvent the wheel. Of course the syslog-ngs of
the world will occasionally offer extra features, but the ideal is to wait
until you need those extra features; if the need really arises and the native
one does not cover it, then get ready for a third-party one (and the potential
headaches, especially when syslog-ng decides it needs assorted hacks to connect
to the MySQL socket and the like, hehehe).

 
 
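A consumer for the syslog.conf pipe described in the message above, as an added example that is not part of the original post. SQLite stands in for the PgSQL or MongoDB store the post mentions; the database path, table layout and function names are assumptions. The message text comes from whoever can log to the host, so it is bound as a query parameter rather than formatted into the SQL.

```python
import re
import sqlite3
import sys

# "Mmm dd hh:mm:ss host tag[pid]: message", the layout shown in the tail output
LINE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<tag>[^:\[\s]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)

# The first two lines are from the post's output; the last two are constructed.
SAMPLE = [
    "Mar 26 16:52:07 main kernel: ipfw: 145 Deny UDP 10.69.69.253:65534 "
    "201.48.151.193:123 in via em0\n",
    "Mar 26 16:52:10 main eksffa: uia\n",
    "Mar 26 16:52:11 main eksffa: x'); DROP TABLE logs;--\n",
    "not a syslog line\n",
]

def open_store(path=":memory:"):
    """Open (or create) the log table; the schema is an assumption."""
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS logs "
               "(ts TEXT, host TEXT, tag TEXT, pid INTEGER, msg TEXT)")
    return db

def store_line(db, line):
    """Insert one line; sender-controlled text is bound, never formatted into SQL."""
    m = LINE.match(line.rstrip("\n"))
    if m is None:
        return False          # unparseable input is skipped, not stored
    db.execute("INSERT INTO logs VALUES (?, ?, ?, ?, ?)",
               (m["ts"], m["host"], m["tag"], m["pid"], m["msg"]))
    db.commit()
    return True

def consume(db, stream):
    """Store every parseable line from stream; return how many were stored."""
    return sum(store_line(db, line) for line in stream)

if __name__ == "__main__":
    # Hypothetical database path; syslogd feeds the selected messages on stdin.
    consume(open_store("/var/db/syslog.sqlite"), sys.stdin)
```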