On 12/1/05, James Pifer <jep@xxxxxxxxxxxxxxxx> wrote:
> > I know you just setup FTP, but consider using SSH instead.
> >
> > First off, access to the logs are solved by always running
> > the process as root at the end system. There is no reduced
> > security by doing this.
> >
> > Secondly, setup 1 regular user on 1 system where you want the
> > logs to be localized for processing. Then have the root user
> > of each system SCP the log file to that 1 system as the 1
> > regular user. You'll want to use public key authentication
> > (or a Kerberos realm if you want to avoid generating and/or
> > copying keys for each system).
> >
> > If you're into a more formal setup, CVS or other version
> > control or data collection repository check-ins of the log
> > files might be ideal. For CVS (and several others), you can
> > use the SSH login.
> >
>
> The analyzing software runs on windows. It's connection options for
> looking at logs is file, http, or ftp. What's worse, is I just found
> that it apparently does not support passive ftp. I'm trying to get
> vsftpd to do active, but either I'm not getting it configured right, or
> more likely, the firewall is messing it up. I used to run windows ftp
> server for providing the logs when it ran on windows, and ftp'ing was no
> problem.
>
> Anyway, that's where I'm at right now.
>
> James
I've found that there are FAR superior logfile analyzer tools on linux
than windows. We ended up sending all our log files from the windows
servers we have to a consolidated drop on a linux box and running a
linux based analyzer. It gives better information, more detail, etc.
Things like splunk, awstats, mod_log_sql (which lets you do live "top
links" type things), and any of several other tools available.
--
Jim Perrin
System Architect - UIT
Ft Gordon & US Army Signal Center
