Need advice in setting up centralized log server using rsyslog (8.24) in Oracle Linux 7
by pclinux66 from LinuxQuestions.org on (#5CM27)
I need to forward Linux logs from multiple servers to a server. I plan to use rsyslog (8.24) in Oracle Linux 7. My original thought is that the centralized log server will have a structure like this, so log files are exactly the same on the source servers and the centralized log server:
/var/log/server1/messages
/var/log/server1/secure
/var/log/server2/messages
/var/log/server2/secure
/var/log/server3/messages
/var/log/server3/secure
It seems that it is more common to have structure based on facilities:
/var/log/server1/kernel.log
/var/log/server1/syslogd.log
/var/log/server2/kernel.log
/var/log/server2/syslogd.log
/var/log/server3/kernel.log
/var/log/server3/syslogd.log
What are the pros and cons between the 2 structures?
The current objective is to have all Linux logs somewhere besides the source servers. (Production usage)
The next objective will be integration with the ELK stack (proof of concept).
Thanks for any advice.
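
Added example, not from the original post or from the rsyslog project: an rsyslog 8.x (RainerScript) configuration for the central server that implements both layouts asked about, so they can be compared side by side. It assumes the server receives on TCP/514 and that the client forwards everything with omfwd; `logserver.example.com` is a placeholder. The first layout reproduces the default `/etc/rsyslog.conf` selectors for `messages` and `secure`; the second writes one file per facility (rsyslog's facility names are `kern` and `syslog`, so the files come out as `kern.log` and `syslog.log` rather than `kernel.log` and `syslogd.log`).

```conf
# ---- Central server: /etc/rsyslog.d/central.conf (added example) ----
module(load="imtcp")

# Layout 1: mirror the source hosts' own files (messages, secure).
# %HOSTNAME% is the name the *sending* host put in the message header;
# use %FROMHOST% or %fromhost-ip% instead if you do not want a client to be
# able to choose (or spoof) the directory it writes into.
template(name="perHostMessages" type="string"
         string="/var/log/%HOSTNAME%/messages")
template(name="perHostSecure" type="string"
         string="/var/log/%HOSTNAME%/secure")

# Layout 2: one file per syslog facility under each host directory.
template(name="perHostFacility" type="string"
         string="/var/log/%HOSTNAME%/%syslogfacility-text%.log")

ruleset(name="remoteLogs") {
    # --- Layout 1: same selectors as the stock /etc/rsyslog.conf ---
    # authpriv.*                              -> secure
    if ($syslogfacility-text == "authpriv") then {
        action(type="omfile" dynaFile="perHostSecure"
               dirCreateMode="0750" fileCreateMode="0600")
    }
    # *.info;mail.none;authpriv.none;cron.none -> messages
    # (severity 6 = info; lower numbers are more severe)
    else if ($syslogseverity <= 6
             and $syslogfacility-text != "mail"
             and $syslogfacility-text != "cron") then {
        action(type="omfile" dynaFile="perHostMessages"
               dirCreateMode="0750" fileCreateMode="0640")
    }

    # --- Layout 2: facility-based files (enable instead of, or in
    #     addition to, the block above) ---
    # action(type="omfile" dynaFile="perHostFacility"
    #        dirCreateMode="0750" fileCreateMode="0640")
}

# Bind the ruleset to the network input so remote messages never fall
# through to the server's own local rules (and its own /var/log/messages).
input(type="imtcp" port="514" ruleset="remoteLogs")

# ---- Each source host: /etc/rsyslog.d/forward.conf (added example) ----
# TCP rather than UDP so that messages are not silently dropped; the
# queue keeps messages on disk while the central server is unreachable.
# *.* action(type="omfwd" target="logserver.example.com" port="514"
#            protocol="tcp"
#            queue.type="LinkedList" queue.filename="fwdq"
#            queue.saveOnShutdown="on" action.resumeRetryCount="-1")
```

Two points that bear on the pros and cons: layout 1 keeps the per-host files identical to what an administrator expects to find on the box (easy to eyeball, easy to diff against the source), but it hides the facility in the file name, so an ELK pipeline has to re-derive it from the line. Layout 2 gives one clean stream per facility, which maps directly onto an index or tag in ELK, at the cost of a file tree that looks nothing like the source hosts. In both cases the file modes matter: `secure` carries authentication data, so it is created `0600` above while the rest is `0640`, and the hostname-derived directory should come from the connection (`%FROMHOST%`) rather than the message if the clients are not fully trusted.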