RBP Installation and Readme file

Version: 0.3.0
ma_kataoka@yahoo.co.jp

Install and Quick Start
-----------------------

- Make a new directory and unzip the archive into it.
  The directory will be referred to as .

- Open a command prompt and execute the following

    > cd
    > rbp -kc

  [A service named "rbp" will be created]

- Edit global configuration file rbp.conf

  Make sure the following line is enabled

    # to enable Logging Service for Orenosp/Orenosv
    rbp_mod_start = lgs

- Edit configuration of each function

  [LGS : Logging Service for Orenosp/Orenosv]

  The default listen port is configured as follows:
    - accepts SSL-enabled connection at TCP port 13000.
    - all access must be from local LAN only (192.168.x.x)

  Then, you have to define log files and mapping rules.

  Log Sources

    Each application distinguishes a logging stream with a "label".
    It is a name that the application administrator chooses for a
    particular log stream that the application generates.
    LGS identifies a particular log connection by its "label", so the
    application administrator and the LGS administrator have to agree upon
    the label to use for a particular log stream.
    By convention, path-style strings are used as labels
    (e.g., "/host1/access-log").

    Log connection(s) with the same "label" form a logical log source.
    Notice that multiple processes and/or multiple applications using
    the same "label" can form a single log source.

  Log Destinations

    A log destination is an I/O abstraction into which LGS writes log records.
    A log destination is identified by a log name and can have one I/O scheme.
    Currently the following I/O schemes are available:

      single: a single file
      pipe:   passes log records to log-io subprocess
      remote: passes log records to another instance of LGS

  Associating a Log Source to Log Destination

    The association of log sources with log destinations is defined as a
    set of rules. You can associate multiple log sources with a single
    log destination.
    You can create rules using "lgs_pass_by" parameters.
    Currently, rules can be specified only by labels.

    Example

      # define log destinations
      lgs_define_log = catch-all-log single catch-all.log
      lgs_define_log = host1-access-log single host1-access.log
      lgs_define_log = trash-can single trash.log
      lgs_define_log = ftp-farm-access-log single ftp-access.log

      # associating log sources with log destinations
      # "path" is a mode specifier to indicate a destination should be determined
      # based on log labels.
      lgs_pass_by = path * catch-all-log
      lgs_pass_by = path /host1/access-log host1-access-log
      lgs_pass_by = path /*/ftp-access-log ftp-farm-access-log
      lgs_pass_by = path /*/nimda-log trash-can

    As you can infer from the above example, nimda logs from all hosts will
    go into a single log destination named "trash-can". Likewise, ftp access
    logs from all hosts will go into a single log destination
    "ftp-farm-access-log". The access log on host1 will go into
    host1-access-log. All other log connections will go into "catch-all-log".

  Access Control

    You can enforce access control per label or per set of labels.

      # allow all access to good IPs only
      lgs_auth_path = * -ip_allow="192.168.1.0/24,127.0.0.1/24"

      # - LAN only and also require user and password
      lgs_auth_path = * -ip_allow="192.168.1.0/24,127.0.0.1/24" \
                        -u="user1:pass1,user2:pass2"

  Tips on Merging Multiple Logs into a Single Log Stream

    Currently LGS does not append to a log record any information about
    which application generated the log record. You can change the log
    format to include identifying information.

    HTTP access log (Orenosv HTTP, Orenosp Reverse Proxy)
      - use common-vhost or combined-vhost log format
        or use flag of 0001 (http_log_access_flags/proxy_log_access_flags)

    Orenosv FTP access log
      - From Orenosv 0.7.0, server-ip:server-port is recorded in place of
        "-" in the second column in FTP CLF format.

- start rbp service

    > net start rbp

  Check event.log for any failure or other messages.
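An added example, not part of the RBP distribution: a small Python lint for the lgs_auth_path rules described under Access Control. It assumes the option syntax shown above (-ip_allow, -u, backslash continuation) and treats "local LAN" as RFC 1918 space plus loopback; how LGS itself interprets an entry such as 127.0.0.1/24 is not stated in this README, so the script only flags it for review.

```python
import ipaddress
import re

# Constructed sample, modelled on the lgs_auth_path lines in this README.
SAMPLE_CONF = '''\
lgs_auth_path = * -ip_allow="192.168.1.0/24,127.0.0.1/24"
lgs_auth_path = /host1/access-log -ip_allow="192.168.1.0/24,203.0.113.0/24" \\
    -u="user1:pass1,user2:pass2"
lgs_auth_path = /*/ftp-access-log -u="user1:pass1"
'''

# Assumption: "local LAN only" means RFC 1918 space plus loopback.
LAN = [ipaddress.ip_network(n) for n in
       ('10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16', '127.0.0.0/8')]
OPT_RE = re.compile(r'-(\w+)="([^"]*)"')

def logical_lines(text):
    """Join backslash-continued lines; skip comments and blank lines."""
    for line in map(str.strip, re.sub(r'\\[ \t]*\n', ' ', text).splitlines()):
        if line and not line.startswith('#'):
            yield line

def lint_auth_rules(text):
    """Return (label, finding) pairs for the lgs_auth_path rules in text."""
    findings = []
    for line in logical_lines(text):
        key, _, value = line.partition('=')
        if key.strip() != 'lgs_auth_path':
            continue
        label, _, rest = value.strip().partition(' ')
        opts = dict(OPT_RE.findall(rest))
        if 'ip_allow' not in opts:
            findings.append((label, 'no -ip_allow restriction'))
        for entry in filter(None, opts.get('ip_allow', '').split(',')):
            try:
                iface = ipaddress.ip_interface(entry.strip())
            except ValueError:
                findings.append((label, f'unparsable entry {entry!r}'))
                continue
            net = iface.network
            if iface.ip != net.network_address:
                findings.append((label, f'{entry} has host bits set, covers {net}'))
            if not any(net.version == 4 and net.subnet_of(lan) for lan in LAN):
                findings.append((label, f'{net} is outside private/loopback ranges'))
        if 'u' not in opts:
            findings.append((label, 'no -u user/password requirement'))
    return findings

for label, finding in lint_auth_rules(SAMPLE_CONF):
    print(f'{label}: {finding}')
```

To check a real configuration, pass the contents of the file holding the lgs_auth_path lines to lint_auth_rules() in place of SAMPLE_CONF.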
Uninstall
---------

- stop rbp service

    > net stop rbp

- Delete rbp service

    > cd
    > .\rbp -kd

- Remove files from directory.

EOF