Aug 29, 2008

Centralized Syslog With FreeBSD


It is impossible to manage log files across a large multitude of servers. To assist with this, syslog is able to send all messages to a single server. This makes keeping track and filtering much easier. It also reduces the time it takes to check the logs, as only one login is needed. This article covers only the default syslog server that comes with FreeBSD. There are other ways of centralizing, viewing, and beautifying logs, such as syslog-ng and php-syslog-ng, which will not be covered here.

In this example we'll use a fake environment with only the central syslog server and a single workstation for simplicity. Our small network's syslog server will be fbsd-syslog with an IP of 192.168.0.10 and the workstation will be called fbsd-wrk with an IP of 192.168.0.11.

First we must tell the central server to listen to fbsd-wrk. To do this we must append to /etc/syslog.conf. It is always a good idea to back up the original file to something like /etc/syslog.conf.bak in case things go wrong. Add the following to the end of /etc/syslog.conf on the central server (fbsd-syslog).

!*
+192.168.0.11
*.* /var/log/messages

This is simplicity at its finest. It lets messages from 192.168.0.11 that match *.* (every facility at every level) be written to /var/log/messages on the central server. By default each install sends logs to different locations. For example, by default FreeBSD has a line showing cron.* /var/log/cron. This sends all messages from the cron facility to /var/log/cron. We could separate cron messages from our workstation (fbsd-wrk) by doing the following.

!*
+192.168.0.11
cron.* /var/log/cron.fbsd-wrk
*.* /var/log/messages
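To see how these blocks scope the rules that follow them, here is an added example that is not part of the original article: a small sh/awk function that lists every rule together with the host and program block it falls under. The names syslog_rules and sample_conf are hypothetical and the sample config is constructed from the lines quoted above.

```shell
#!/bin/sh
# Added example (not from the article): show which host/program block each
# syslog.conf rule belongs to. Handles "!prog", "+host" and "-host" lines;
# the "#!prog" / "#+host" compatibility spellings are treated as comments.

syslog_rules() {
    awk '
        BEGIN      { prog = "*"; host = "*" }   # no block yet: any program, any host
        /^[ \t]*$/ { next }                     # blank line
        /^#/       { next }                     # comment
        /^!/ {                                  # program block, "!*" resets it
            prog = substr($0, 2)
            gsub(/[ \t]/, "", prog)
            next
        }
        /^[+-]/ {                               # host block, "+*" resets it
            host = $0
            gsub(/[ \t]/, "", host)
            if (host == "+*") host = "*"
            next
        }
        {                                       # rule line: selector, then action
            action = $0
            sub(/^[ \t]*[^ \t]+[ \t]+/, "", action)
            printf "host=%s prog=%s %s -> %s\n", host, prog, $1, action
        }
    ' "$@"
}

# Constructed sample: one stock-style rule followed by the block from the article.
sample_conf() {
cat <<'EOF'
# constructed sample, not a complete FreeBSD syslog.conf
cron.*                                  /var/log/cron
!*
+192.168.0.11
cron.* /var/log/cron.fbsd-wrk
*.* /var/log/messages
EOF
}

sample_conf | syslog_rules
```

On a real server, run `syslog_rules /etc/syslog.conf`; rules listed with host=* sit outside any host block. The block only filters messages: whether syslogd accepts datagrams from 192.168.0.11 at all is governed by its -a and -s flags, described in syslogd(8).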

There are many more variations and applications other than cron that send messages. Any of these can be sent to a different location as above. A little Googling on the net will produce more details. Continuing with our simple example of receiving all messages and putting them in /var/log/messages, we now need to tell fbsd-wrk to send its messages to fbsd-syslog. To do this fbsd-wrk must have its /etc/syslog.conf file modified to read like the following.

*.* @192.168.0.10

That is all that should be present in fbsd-wrk's /etc/syslog.conf file. Now simply restart syslogd on both machines by running the following as root.

# /etc/rc.d/syslogd restart

To verify that this worked, log into the central syslog server, fbsd-syslog in our example, and type the following.

# tail -f /var/log/messages

In another terminal, log into the workstation, fbsd-wrk in our example, and type the following.

# logger hello world

Our "hello world" message should appear on the `tail` running on the central server. If the syslog server is receiving a lot of log entries, the log files may be turned over too frequently. This can be remedied by changing the "size" column entry in /etc/newsyslog.conf. That's it, enjoy.

Jan 30, 2008

Distributed Command Execution with Perl


In modern workplaces, it is unreasonable to expect system administrators to manually run commands across vast numbers of servers. It is simply inefficient and unnecessary. To resolve this, many remote administration tools have been created. Tools vary from distributed shells to configuration management software. These tools may be overkill for smaller environments. To add to the multitude of distributed tools, the following Perl script was created. Using the script is simple. First, change the @bsdhosts array elements to the hostnames in your environment. Second, change the word "user" to a valid username that can ssh into the remote hosts. Finally, change `pwd;ls` to whatever command needs to be performed on the remote hosts. To run multiple commands within one session, simply use a semicolon to separate the commands as shown below. Passwords can be avoided by using SSH keys generated with `ssh-keygen`. There are many sites describing how to do this on the net. Here is one such location to get you started: http://gentoo-wiki.com/SECURITY_SSH_without_a_password . In short, for a small environment where there is no need for a complex distributed solution, a simple Perl script can step up to the task. Enjoy!

#!/usr/bin/perl

###########################################################
# Summary: An easily modified script to run remote commands.
#
# Last modified: 01/30/2008
#
# Author: Javier Prats
#
###########################################################

use warnings;
use diagnostics;
use strict;

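my @bsdhosts=qw(hostname1 hostname2 hostname3 hostname4);

foreach my $host (@bsdhosts)
{
       # Pass ssh its arguments as a list so no local shell is involved.
       # As a single string, the local shell would split on the semicolon
       # and run "ls" on this machine after ssh returned.
       my @command = ("/usr/bin/ssh", "user\@$host", "pwd;ls");

       # system() returns 0 on success; report hosts where ssh or the
       # remote command failed instead of silently moving on.
       system(@command) == 0
              or warn "ssh to $host failed (wait status $?)\n";
}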