noobstate n00b
Joined: 07 Oct 2007 Posts: 61
Posted: Wed Dec 12, 2007 4:47 am Post subject: mailserver setup ideas
I've decided to run a mail server. I would have a separate box for it, and I've decided to go with Postfix, but I have other boxes on the network; some have Gentoo ssmtp and some have a Postfix local-mail-only setup. Now I want all their logs emailed (they can email themselves logs now) or email passing between them. What is the best way to go about this? Do I have to run a mail server on each, or can I have one main mail server, and the others just forward the messages back and forth with a simple mail server which requires little resource strain, like running ssmtp or localmail?
And for security, what else should I put focus on, for example SSL, HTTPS? Or other encryption / prevention of man-in-the-middle attack countermeasures. Hardening methods (Gentoo security handbook, SELinux 2007.0 profile is already followed).
kashani Advocate
Joined: 02 Sep 2002 Posts: 2032 Location: San Francisco
Posted: Thu Dec 13, 2007 12:02 am
It might be simpler to have all your machines log to a single server. There are a number of howtos for doing this with syslog-ng. metalog will not work.
ssmtp is probably the simplest to use and won't actually do anything until your cron to email the logs kicks off. However, running Postfix isn't much overhead either if it's just a local daemon. I tend to use Postfix on all my servers.
kashani _________________ Will personally fix your server in exchange for motorcycle related shop tools in good shape.
noobstate n00b
Joined: 07 Oct 2007 Posts: 61
Posted: Fri Dec 14, 2007 4:25 am
I already set up and tried various methods (localmail mutt homedir, it was dirty). Using php-syslog-ng it worked fine for one box (I ran a vserver on it then sent all logs/messages to it that way; it was dirty, I didn't like it), but I want to expand this idea/concept to all machines, so I figured a mail server would be much nicer: messages + logs in an email format.
Using cron for sending these logs/messages is dirty; I'm going to stay away from it. I want it to be instantaneous. (For my vserver I had to set up an SSL tunnel, which was dirty all on its own, as I only want it on and off when sending and receiving, not all the time via shared socket.)
I was confused because the Gentoo wiki I followed said localmail only, so I figured it wouldn't send to a mail server on a different IP/host or even network. But now that is cleared up, I should be good to go. I guess now the best thing to do is see if I can use SSL or some type of encryption with it also, and make it send mail to the database also without constantly having a socket open.
Thanks.
If anyone else has any other methods or ideas, please feel free to share them also. Maybe current setups?
I'm new to this stuff, so my skill (or lack of) is isolated only to what I can come up with in such a situation.
kashani Advocate
Joined: 02 Sep 2002 Posts: 2032 Location: San Francisco
Posted: Fri Dec 14, 2007 6:37 am
I'd much rather build a syslog server and have all my machines log to a single server that splits things out automatically into /var/log/$date/$host or any number of formats. And it sounds waaaaaaaaayyyyyy simpler than shuffling log files around via email like you're describing. With a syslog server you can run logwatch and other tools on one machine and have it alert you when it sees something interesting.
kashani _________________ Will personally fix your server in exchange for motorcycle related shop tools in good shape.
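
An added example, not part of kashani's post or of any project's shipped configuration: a minimal syslog-ng collector that files incoming logs under /var/log/$date/$host as described above, plus the matching client lines. The listen address, file names, and the client source name `src` are assumptions. Transport here is plain TCP, so it assumes a trusted LAN segment or a tunnel such as the SSL tunnel mentioned earlier in the thread.

```conf
# Added example (constructed). Addresses, file names and the client source
# name "src" are assumptions, not taken from the thread. A current syslog-ng
# also needs an "@version:" header matching the installed release.

options {
    keep-hostname(no);   # ignore the hostname claimed inside the message
    use-dns(no);         # ${HOST} becomes the sender's IP, no DNS lookup
    create-dirs(yes);    # create the per-day/per-host directories on demand
    dir-perm(0750);      # log directories readable by owner and group only
    perm(0640);          # log files not world-readable
};

# Listen only on the internal interface (192.0.2.10 is a documentation address).
source s_remote {
    tcp(ip("192.0.2.10") port(514) max-connections(50));
};

# One directory per day, one subdirectory per sending host.
destination d_per_host {
    file("/var/log/${YEAR}-${MONTH}-${DAY}/${HOST}/messages");
};

# Second copy of authentication messages from all hosts in a single file,
# so a daily review or a tool such as logwatch has one place to look.
filter f_auth { facility(auth, authpriv); };
destination d_auth_all {
    file("/var/log/${YEAR}-${MONTH}-${DAY}/auth-all-hosts.log");
};

log { source(s_remote); destination(d_per_host); };
log { source(s_remote); filter(f_auth); destination(d_auth_all); };

# --- On each client, in its own syslog-ng.conf ---
# destination d_loghost { tcp("192.0.2.10" port(514)); };
# log { source(src); destination(d_loghost); };
```

With `keep-hostname(no)` and `use-dns(no)`, the `${HOST}` path component is the connecting address rather than a string supplied inside the message, so a sender cannot choose its own directory name.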
noobstate n00b
Joined: 07 Oct 2007 Posts: 61
Posted: Fri Dec 14, 2007 7:49 am
I'm going to go right ahead and assume that by a syslog server you mean a specific dedicated box (mine would be via either Xen or vserver). Then, depending on method, I may ssh into it and view via command line (as I presume you do, or other means) or methods I'm currently toying with (which are grimy, they just don't feel right; logs are something I have to check every day. A couple of months ago I was browsing the internet, some random shady forum, and BAM, somehow someone installed a Linux-based rootkit on my computer. I was in deep shock about it and luckily I caught it. Now I'm paranoid to hell; that's why it's critical to get it right in not only scale but precision for all the boxes).
Hmm, I wouldn't mind that idea with the directories; I just feel it wouldn't scale well enough (parse/search/notifications of errors/warnings/hackers etc.) if I wanted to, for example, view my logs from a different location other than my house. Not that I probably ever would, but if you're going to go swimming you might as well get wet.
Now that I think about it, it would be log hell if I do a database and email setup. It's probably best to pick either mailing all to an email account which is specifically for logs only, which somehow organizes them only on changes (a logsentry-type program tweaked to sh**), or a self-updated version of php-syslog-ng (I don't like how it just keeps scrolling logs and floods the hell out of it; that's why I called it dirty). Plus with that idea I'd have to make it modular also, so I can stay up to date with the php-syslog-ng developers without it breaking my changes. Just to let everyone know, if I do decide to go this route it would be released GPL on my website, which comes after the mail server/log server setup. Partly why I'm so interested in getting this done right the first time.
logwatch I'm currently running on each machine separately. I'm going to look deeper into your concept here; if I could get logwatch to dense up a lot of this information from different hosts into one and send it, it would be less clutter, much more efficient. Then I could use your idea of having it sorted in directories or other means in case I wanted to look deeper into something.
I'm also interested to hear what enterprise solutions are out there for these types of situations. Although I bet if a company has money they most likely get their sysadmin to design and build their network to fit their needs, so I guess it won't make a difference.
But anyways, thanks again. By the time of writing this post and your comment I've decided to run a syslog server; it's the way to go for sure. Then syncing it with a method of delivery can come later. I use mutt and localmail with some of these programs already, and checking each computer every day is pretty stupid, so it's good I have something to ponder and play with now.