The syslog-ng Administrator Guide

Document version: 1.1.4
Release date: July 23, 2008
Latest version available at the BalaBit Documentation Page

6.9. Configuring IBM System i Servers

This section describes how to enable logging on some applications running on the System i. If you are running syslog-ng in the PASE environment of System i, you can add file sources to transfer the logs of these applications to your central syslog-ng server. For details on configuring file sources, see Section 9.1.2, “file()”.

6.9.1. Configuring Apache server logs

To enable logging in the Apache server complete the following steps:

Procedure 6.2. Forwarding Apache server logs from System i

  1. Use the Work With Links (WRKLNK) command to edit the /www/(server-name)/conf/httpd_conf file.

  2. Add a “LogCycle” directive in order to force the Apache server to create one file:

                
LogCycle Off
CustomLog logs/access_log combined

    Without this directive the log files will have an appended time stamp and the syslog-ng application will not be able to process them.

  3. Stop and re-start the Apache web server instance with the Start TCP Server (STRTCPSVR) command.

  4. Configure a source to read the file in syslog-ng. Apache logs will generally be placed in the /www/(server-name)/logs directory. See Chapter 3, Configuring syslog-ng for details.

6.9.2. OpenSSH server logs

To enable logging in the OpenSSH server, complete the following steps:

Procedure 6.3. Forwarding OpenSSH server logs from System i

  1. Use the Work With Links (WRKLNK) command to edit the /QopenSys/QIBM/ /ProdData/SC1/OpenSSH/openssh-3.5p1/etc/sshd_conf file.

  2. Edit the file like this:

                
SyslogFacility AUTH
sLogLevel INFO
    [Note] Note

    Consult the documentation on the OpenSSH web site (http://www.openssh.org) for other syslog options.

  3. Create an empty log file. Sign on as QSECOFR, use the STRQSH shell, and issue the following commands:

    mkdir /var/adm 
touch /var/adm/sshlog

  4. Configure a source to read the /var/adm/sshlog file in syslog-ng. See Chapter 3, Configuring syslog-ng for details.

6.9.3. Other server logs

A number of other open systems and proprietary applications can be deployed on the IBM System i including MySQL, PHP, Perl, and others. Most of these types of applications can be enabled to collect system logs. Please consult the documentation for these servers on the steps to take to start collecting logs. Once logging is active you can configure a source statement in syslog-ng to capture the logs.

© 2007-2008 BalaBit IT Security
Please send your comments or documentation bugs to: documentation@balabit.com

Prev  Up  Next
6.8. View application logs  Home | Contents  6.10. Troubleshooting the syslog-ng Agent for IBM System i