Logging on multi-server setups

Discussion in 'General' started by pyte, Sep 7, 2022.

  1. pyte

    pyte Well-Known Member HowtoForge Supporter

    Switching from one ISPConfig-managed mail server to 2 mail servers, where server 2 is a mirror of server 1, I wonder what the best way to centralize logging is, especially for the mail.log. For debugging reasons I often check the mail.log to see what happened with mails and grep the ID or sender/recipient address. With 2 mail servers that are load balanced by HAProxy, I assume I have to search the mail logs on both servers.

    So is there a solution built into ISPConfig already that I don't know of? Or should I just do my own thing with like rsyslog?

    Any input, thoughts and ideas are welcome :)
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Installing logwatch and pflogsumm on both servers and setting them up to email log summaries is one option.
    It is possible to configure all your hosts to send logs to one log server, and examine the logs there.
    You can read the mail log in the ISPConfig panel, but you would have to read each server's log.
    None that I am aware of.
    Last edited: Sep 7, 2022
  3. pyte

    pyte Well-Known Member HowtoForge Supporter

    Well, this is not an option, as for debugging purposes I need a current state of the files or sometimes even follow them with tail -f piped into grep.
    So my initial thought with rsyslog and a centralized logging server seems like the best option here.
  4. nhybgtvfr

    nhybgtvfr Well-Known Member HowtoForge Supporter

    You could install the ELK stack and have all your servers send their logs there.
    Or just use rsyslog and a central log server.
    rsyslog is easier to set up and configure; the ELK stack is easier to read, search, get alerts etc.

    There are a few different tutorials on here about the ELK stack, elasticsearch, logstash etc. Just make a search and have a look through some of those.
  5. pyte

    pyte Well-Known Member HowtoForge Supporter

    Thank you both for the responses. Here's what I did:

    /etc/rsyslog.conf on the main mail01 server:
    # provides TCP syslog reception (the imtcp module has to be loaded before the input is defined)
    module(load="imtcp")
    input(type="imtcp" port="514")
    ### Rules Section:
    $template remote-mail02, "/var/log/maillogs/mail02-mail.log"
    *.* ?remote-mail02

    /etc/rsyslog.conf on the client mail02 server:
    # Rules Section - IP of your Server:
    mail.* @@

    And I've created a symbolic link with
     ln -s /var/log/mail.log /var/log/maillogs/mail01-mail.log
    So now I can grep/tail/whatever on both logfiles with ease. Note: mail02 keeps the local mail.log; this is intended in this setup.
    ahrasis and till like this.
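
An added example, not part of pyte's post or of ISPConfig: the same mail01/mail02 layout with the TCP listener bound to its own ruleset. A `*.*` rule in the main rules section matches every message rsyslog processes on mail01, local ones included; binding the input to a ruleset keeps remote and local messages apart. The addresses 192.0.2.10 (mail01) and 192.0.2.20 (mail02), the ruleset name and the queue file name are assumptions.

```conf
# ---- mail01 (central server), /etc/rsyslog.conf ----
module(load="imtcp")

# Messages arriving on the TCP listener are handled only by this ruleset.
# Local messages on mail01 never reach mail02-mail.log, and remote
# messages never reach mail01's own /var/log/mail.log.
ruleset(name="remote_mail") {
    # fromhost-ip is taken from the TCP connection, not from the message
    # text. 192.0.2.20 is a placeholder for mail02's address.
    if $fromhost-ip == "192.0.2.20" and $syslogfacility-text == "mail" then {
        action(type="omfile" file="/var/log/maillogs/mail02-mail.log")
    }
    # Anything else that reaches the listener is discarded.
    stop
}

# The ruleset has to be defined before the input that refers to it.
input(type="imtcp" port="514" ruleset="remote_mail")

# ---- mail02 (client), /etc/rsyslog.conf ----
# Forward only the mail facility over TCP; the local mail.log rule stays
# in place. 192.0.2.10 is a placeholder for mail01's address.
# The disk-assisted queue buffers messages while mail01 is unreachable
# and retries without limit instead of dropping them.
mail.* action(type="omfwd" target="192.0.2.10" port="514" protocol="tcp"
              queue.type="LinkedList" queue.filename="fwd_mail01"
              queue.maxDiskSpace="256m" queue.saveOnShutdown="on"
              action.resumeRetryCount="-1")
```

`rsyslogd -N1` checks the configuration for syntax errors before the service is restarted. Syslog over plain TCP is neither encrypted nor authenticated, so port 514 on mail01 should be reachable only from mail02.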
