Hi, switchting from one ISPConfig managed mailserver to 2 mailservers, where server 2 is mirror of server 1, i wonder what is the best way to centralize logging, especially for the mail.log. For debugging reasons i often check the mail.log to see what happend with mails and grep the ID or sender/recipient address. With 2 mailsservers that are load balanced by HAProxy, i assume i have to search the maillogs on both servers. So is there a soultion built into ISPConfig already that i don't know of? Or should i just do my own thing with like rsyslog? Any input, thoughts and ideas are welcome
Installing logwatch and pflogsumm on both servers and setting them up to email log summaries is one option. It is possible to configure all your hosts to send logs to one log server, and examine the logs there. You can read mail log in ISPConfig panel, but you would have to read each servers log. None that I am aware of.
Well this is not an option, as for debugging purposes i need a current state of the files or sometimes even follow them with tail -f piped into grep. So my initial thought with rsyslog and a centralized logging server seems like the best option here.
you could install the ELK stack and have all your servers send their logs to there. or just use rsyslog and a central log server. rsyslog is easier to setup and configure, the ELK stack is easier to read, search, get alerts etc. there's a few different tutorials on here about the ELK stack, elasticsearch, logstash etc. just make a search and have a look through some of those.
Thank you both for the responses; Here's what i did: /etc/rsyslog.conf on the main mail01 server: Code: # provides TCP syslog reception module(load="imtcp") input(type="imtcp" port="514") ### Rules Section: $template remote-mail02, "/var/log/maillogs/mail02-mail.log" *.* ?remote-mail02 /etc/rsyslog.conf on the client mail02 server: Code: # Rules Section - IP of your Server: mail.* @@100.100.100.100:514 And i've created a symbolic link with Code: ln -s /var/log/mail.log /var/log/maillogs/mail01-mail.log So now i can grep/tail/what ever on both logfiles with ease. Note: the mail02 keeps the local mail.log, this is intended in this setup.
