Re: [exim] [EXIM] Centralize mainlog

Góra strony
Delete this message
Reply to this message
Autor: Jon Gerdes
Data:  
Dla: exim-users@exim.org
Temat: Re: [exim] [EXIM] Centralize mainlog
On Wed, 2016-03-16 at 13:18 +0000, Matthew Newton wrote:
> On Wed, Mar 16, 2016 at 10:08:34AM -0300, Fabián M Sales wrote:
> > Can centralize log on a single server? I have many servers with
> > Exim and
> > centralize the log if I can do a much better track.
> > Can make log the syslog?
>
> You can log to syslog directly.
>
> http://exim.org/exim-html-current/doc/html/spec_html/ch-log_files.htm
> l
>
> We write locally to ensure the log is safe, and then feed that
> into...
>
> > I Read some "Lumberjack, Logstash, and Elasticsearch" someone has
> > been
> > able to use?
>
> ...elasticsearch. Graeme wrote a decent set of blog articles that
> will get you started:
> https://graemef.wordpress.com/tech-stuff/exim-logstash/
>
> to be honest, this is really the only way I interrogate our exim
> logs now. In fact, most logs. Elasticsearch is pretty amazing.
>
> Matthew


As you have "many servers" I recommend that you look into something
like:

rsyslog (local to each Exim) -> Logstash receiver -> redis -> Logstash
indexer -> Elasticsearch

Use tcp to send the logs to the LS receiver. I use rsyslog but that's
your choice.

Receiving and manipulating the data on the fly can overwelm Logstash so
by using a redis db as a queue you can smooth over peaks. The choice
of syslog tcp is to ensure that if the recievers are unavailable then
the syslog daemons can be made to buffer to disc as well, so you do not
lose any logs.

Make sure you monitor everything carefully. Nagios/Icinga have plugins
that can be used for all the components. To see what Elasticsearch is
doing in detail I highly recommend the "Bigdesk" plugin http://bigdesk.
org/ which is easy to install on ES and gives you a web based set of
charts for things like Heap Memory for the JVM.

Cheers
Jon


Blueloop Ltd
01460 271055
https://www.blueloop.net
Blueloop House, Ilchester Road, YEOVIL, BA21 3AA Registered England & Wales - 3981322