RE: Event log monitoring


Syslog can do this.  You need the "-r" switch to allow the central syslog
server to receive forwarded log entries from "clients".  Try "man syslogd".
You can set the -r option in /etc/sysconfig/syslog by adding it to the
SYSLOGD_OPTIONS string.  Run "service syslog restart" afterwards.

On the client servers you want to forward, just add "*.*	@server" to
/etc/syslog.conf.  This will forward all syslog entries to "server".  You
need to restart syslog after changing the .conf file.  "man syslog.conf"
will give you more options for finer control of what's forwarded.

For log file analysis, there is a project called "syslog-ng" which works
well.  You can find this at http://www.balabit.com/products/syslog_ng/

Lastly, if you want to forward Windows event logs, you can use a service
called Snare.  http://www.intersectalliance.com/snareserver/index.html

Hope this helps,

- Harper

Harper Mann
Groundwork Open Source Solutions
510-599-2075 (cell)
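
The two edits described in the message above, as an added shell example that is not part of the original thread: each function makes its change only if it is missing, so it can be re-run safely. The file paths passed in and the host name loghost.example.com are assumptions for illustration.

```shell
#!/bin/sh
# Added example: idempotent versions of the two edits described above.
# File paths are arguments so the functions can be run on copies first.

# Server side: add -r to SYSLOGD_OPTIONS (normally /etc/sysconfig/syslog).
enable_remote_reception() {
    conf=$1
    # -r already present as its own switch: leave the file alone.
    if grep -Eq '^SYSLOGD_OPTIONS="([^"]* )?-r( [^"]*)?"' "$conf"; then
        return 0
    fi
    if grep -q '^SYSLOGD_OPTIONS="' "$conf"; then
        # Prepend -r and keep the existing switches (e.g. "-m 0").
        # Written back with cat so the file keeps its owner and mode.
        sed -e 's/^SYSLOGD_OPTIONS="\([^"]*\)"/SYSLOGD_OPTIONS="-r \1"/' \
            -e '/^SYSLOGD_OPTIONS=/s/ "$/"/' "$conf" > "$conf.new" &&
            cat "$conf.new" > "$conf" && rm -f "$conf.new"
    else
        echo 'SYSLOGD_OPTIONS="-r"' >> "$conf"
    fi
}

# Client side: append "*.*<TAB>@server" (normally to /etc/syslog.conf).
add_forward_rule() {
    conf=$1
    server=$2
    # Skip if a rule with selector *.* and action @server already exists.
    awk -v s="@$server" '$1 == "*.*" && $2 == s { found = 1 }
                         END { exit !found }' "$conf" && return 0
    printf '*.*\t@%s\n' "$server" >> "$conf"
}

# Demo on constructed files in a temp directory; nothing under /etc is touched.
demo() {
    d=$(mktemp -d)
    printf 'SYSLOGD_OPTIONS="-m 0"\n' > "$d/syslog"          # constructed
    printf 'mail.*\t-/var/log/maillog\n' > "$d/syslog.conf"  # constructed
    for pass in 1 2; do                                      # second pass is a no-op
        enable_remote_reception "$d/syslog"
        add_forward_rule "$d/syslog.conf" loghost.example.com  # hypothetical host
    done
    cat "$d/syslog" "$d/syslog.conf"
    rm -rf "$d"
}
demo
# On real hosts, follow either edit with: service syslog restart
```

syslogd started with -r accepts unauthenticated UDP datagrams on port 514, so limit which source addresses can reach that port on the central server.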


-----Original Message-----
From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-bounces@xxxxxxxxxx]
On Behalf Of Nathaniel Hall
Sent: Wednesday, October 13, 2004 2:12 PM
To: Stephane Auger; General Red Hat Linux discussion list
Subject: Re: Event log monitoring

What type of systems are you wanting to monitor event logs on?  
The answer depends on the type of system.

Nathaniel Hall
Intrusion Detection and Firewall Technician
Ozarks Technical Community College -- Office of Computer Networking

halln@xxxxxxx
417-799-0552



Stephane Auger wrote:

>Hey everyone,
>
>  I'm looking for a practical way to monitor event logs on multiple
>servers.  There are multiple subnets at multiple sites, and I have one
>main LAN to monitor everything.  Is there some kind of software/batch
>file that could be installed on the servers so that the events are sent
>to my monitoring LAN (a little bit like SNMP sending to a listening
>server)?  Thanks!!
>
>Stephane Auger, MCP
>  
>


-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

