Solved

Feeding updates in a text file to remote syslog server continuously

Posted on 2009-05-06
Last Modified: 2012-05-06
Hi,

I am trying to find a solution to feed the text log files of some application servers to remote syslog server.

The remote syslog server is running syslog-ng and is set up to deliver the incoming log records to different files per host. So the setup is ready.

What I am looking for is a mechanism to feed the content of these text files to remote syslog server via syslog protocol (logger for example). As I don't want to interfere with the application itself, I don't want to modify it to send directly to syslog. A utility would be perfect to capture everything appended to the text file and send it via syslog protocol. This will also make sure that any problem on syslog server or the utility itself will not affect the application's availability.

Any information on this will be appreciated.

Thanks and regards..

-Suleyman Kutlu (SNK)
Question by:SNK-67
8 Comments
 
LVL 61

Expert Comment

by:gheist
ID: 24315174
You can create a fifo and attach logger to the other end of the fifo (or nc for direct feeding to syslog-ng)

mkfifo logfile
logger < logfile &

0
 
LVL 1

Author Comment

by:SNK-67
ID: 24316034
I am a little confused. What I understand from the command

mkfifo logfile

is to create a FIFO file. But the log files which I want to feed to syslog server are created and managed (rotated) by the application server itself. So I am afraid that if I use mkfifo solution, I will interfere with the application log management.

Did I understand wrong?
0
 
LVL 61

Expert Comment

by:gheist
ID: 24318828
If you are able to make the application not rotate logs and feed data into a fifo placed where the log should be, you are a winner.
Is this some sort of standard application like log4j or apache?
0
 
LVL 1

Author Comment

by:SNK-67
ID: 24324594
Most of them are log4j, some Apache or SunONE webserver log, some custom application logs.
0
 
LVL 61

Expert Comment

by:gheist
ID: 24324665
There is syslog support in log4j
Apache is too heavy for syslog (imagine sending extra log packet for every access log entry)
0
 
LVL 1

Author Comment

by:SNK-67
ID: 24324802
I know about the support in log4j, but the main idea behind not using this feature is not to cause any problem for the application, such as being unable to send logs to the syslog server from log4j for any reason (network problems, etc.). Currently, if log4j cannot write logs to disk for some reason (such as the disk being full), the application encounters problems. I don't want to cause such problems for the application.

Hence my idea: without changing anything in the application settings, I want to grab the logs from the file and send them to the syslog server. If for some reason I cannot send to the syslog server, it will be a problem for the infrastructure group, not the application itself!

I hope the idea is clear.

0
 
LVL 61

Expert Comment

by:gheist
ID: 24329217
Syslog is stable, accepts log messages when disk full, config file invalid etc.
Apache can log to syslog also.
I assume Sun ONE uses log4j also.
Custom apps can be changed to use log4j.
0
 
LVL 3

Accepted Solution

by:
tkuther earned 125 total points
ID: 24462545
We use rsyslog for such things.

It can nicely monitor any files
http://www.rsyslog.com/doc-imfile.html
0
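
An added example, not from the thread and not rsyslog's code: the core of what a file-monitoring forwarder does, following a log across rotations (rename or in-place truncation) and sending each appended line as a UDP syslog datagram. The class name `LogFollower`, the `local0.info` priority and the tag are assumptions chosen for illustration.

```python
import os
import socket

PRI = 16 * 8 + 6  # syslog priority: facility local0 (16) * 8 + severity info (6)


class LogFollower:
    """Follow a log file across rotations and forward appended lines as UDP syslog."""

    def __init__(self, path, server, tag):
        self.path, self.server, self.tag = path, server, tag
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        self.fh, self.buf = open(path, "rb"), b""
        self.inode = os.fstat(self.fh.fileno()).st_ino
        self.fh.seek(0, os.SEEK_END)  # like tail -f: skip what is already there

    def _read(self):
        # An unterminated last line stays in the buffer until its newline arrives.
        *lines, self.buf = (self.buf + self.fh.read()).split(b"\n")
        return [ln.decode(errors="replace") for ln in lines if ln]

    def poll(self):
        """Return the complete lines appended since the previous call."""
        lines = self._read()
        try:
            st = os.stat(self.path)
            if st.st_ino != self.inode:  # rotated by rename: switch to the new file
                new = open(self.path, "rb")
                lines += self._read()  # final drain of the old file
                self.fh.close()
                self.fh, self.inode, self.buf = new, os.fstat(new.fileno()).st_ino, b""
            elif st.st_size < self.fh.tell():  # truncated in place: restart at 0
                self.fh.seek(0)
                self.buf = b""
        except FileNotFoundError:  # mid-rotation: keep reading the old file for now
            return lines
        return lines + self._read()

    def forward(self):
        """Send new lines as '<PRI>tag: line' (time and host left to the receiver)."""
        # RFC 3164 caps a syslog packet at 1024 bytes, so longer lines are cut.
        msgs = [f"<{PRI}>{self.tag}: {ln}".encode()[:1024] for ln in self.poll()]
        for m in msgs:
            try:
                self.sock.sendto(m, self.server)
            except OSError:
                pass  # delivery trouble stays here and never reaches the application
        return msgs
```

Run `forward()` in a loop with a short sleep, in a process separate from the application; offsets are kept in memory only, so lines written while the forwarder is down are skipped.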
