op5 LogServer Technology
  
This chapter covers the underlying technology that op5 LogServer uses to save data, along with brief information about the syslog protocol, in the following topics:
 
The Syslog Protocol and implementations
 
Syslog was originally written by Eric Allman as a part of his application sendmail, but it turned out to be so useful that it was turned into a project of its own in the 1980s.
Syslog is not only a protocol, but it also refers to various syslog implementations such as the local syslog daemon that takes care of local logging on any UNIX compatible computer.
In 2001, RFC 3164 was published as an effort to unify syslog implementations.
Usage
 
On UNIX, most applications send their logs to the syslog process running on the same machine. This process then either stores the messages locally - in /var/log - or sends them to a syslog server for central storage.
All logging machines send their log data over TCP/IP to port 514 on the receiving log server. Syslog typically uses UDP, but modern implementations such as op5 LogServer also support TCP. Most log servers simply store this data in text files, and retrieving historical data is a manual procedure and often impossible. op5 LogServer, by contrast, gives you an easy-to-use graphical interface with easy import from archives.
Note: sendmail was the de-facto standard email server for two decades.
Note: RFC for syslog available at http://tools.ietf.org/html/rfc3164
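The following is an added example, not part of the op5 documentation or of op5 LogServer itself: a parser for the RFC 3164 packet layout that a receiving log server sees on port 514, including the RFC's fallback for packets with a missing or out-of-range priority value. The function name `parse_rfc3164`, the sample hosts and the addresses are assumptions made for illustration.

```python
import re

# Conventional short names for the RFC 3164 facility and severity codes.
FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv ftp "
              "ntp audit alert clock local0 local1 local2 local3 local4 local5 "
              "local6 local7").split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()

PRI = re.compile(r"<(\d{1,3})>")
# HEADER = "Mmm dd hh:mm:ss" + space + hostname; the rest is TAG and content.
HEADER = re.compile(
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) (?P<msg>.*)", re.S)

def parse_rfc3164(packet: bytes, source_ip: str) -> dict:
    """Parse one syslog packet; source_ip is the peer address from the socket."""
    # RFC 3164 limits a packet to 1024 bytes; this parser truncates longer input.
    text = packet[:1024].decode("ascii", "replace").rstrip("\r\n")
    m = PRI.match(text)
    pri_valid = bool(m) and int(m.group(1)) <= 191  # 23 * 8 + 7 is the maximum
    # Without a valid PRI the whole packet is content, filed as user.notice (13).
    pri, rest = (int(m.group(1)), text[m.end():]) if pri_valid else (13, text)
    record = {"source_ip": source_ip, "pri_valid": pri_valid,
              "facility": FACILITIES[pri >> 3], "severity": SEVERITIES[pri & 7],
              "timestamp": None, "hostname": None, "message": rest}
    h = HEADER.fullmatch(rest)
    if h:
        # The hostname is whatever the sender wrote, so keep source_ip beside it.
        record.update(timestamp=h["ts"], hostname=h["host"], message=h["msg"])
    return record

# Constructed sample packets (hosts and addresses are documentation values).
SAMPLES = [
    b"<38>Mar  4 09:15:02 web01 sshd[2211]: Failed password for admin from 192.0.2.44",
    b"disk nearly full on /var",
    b"<999>Mar  4 09:15:03 fw01 kernel: dropped packet",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(parse_rfc3164(raw, "198.51.100.7"))
```

Because neither UDP nor plain TCP syslog authenticates the sender, the `hostname` field is only a claim; recording the socket's source address next to it lets you spot messages whose claimed host does not match where they came from.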
op5 LogServer Components
 
Syslog-ng
 
Syslog-ng is the component that receives and stores syslog data.
If you want to know more about syslog-ng, have a look at:
http://www.balabit.com/network-security/syslog-ng/
 
PostgreSQL
 
In op5 LogServer, all data is stored in a PostgreSQL database for a limited amount of time for easy access from the web interface, and is rotated to disk after a configurable amount of time.
 
Apache Web Server with PHP
 
The web interface is written in PHP and served by an Apache web server.
 
op5 LogServer Storage
 
op5 LogServer has three storage facilities. Data is written to all three of these upon being received - however it is deleted according to separate settings.
 
The PostgreSQL database
 
All messages are initially stored in the PostgreSQL database. This is used as the default source of information for the web interface.
The data in the PostgreSQL database is deleted after a configured amount of time. See chapter Database Storage for more information.
 
Local Storage
 
Data is also compressed with bzip and saved to disk, for future reference as archived data. When you restore archived data it is fetched from the local storage if possible, otherwise it is fetched from the remote storage.
The data in the local storage is deleted after a configured amount of time. See chapter Local Storage for more information.
 
Remote Storage
 
The remote storage has the same information as the local storage, but it is meant for saving data over a longer period of time.
Normally this is located on a file server, where it should also be backed up.
The data on the remote storage is deleted after a configured amount of time - see chapter Remote storage for more information.