Re: syslog question

john.dufour@xxxxxxxx [john.dufour@xxxxxxxx] wrote:
> 
> I have set up a syslog server on a Red Hat 9 box to log messages from my
> firewall.  The messages are being logged to /var/log/messages.  How do I
> modify /etc/syslog.conf to have different FWs log to different log
> files?  Thanks in advance.

Read the manpages for 'syslog' and 'syslog.conf' by doing

  man syslog
  man syslog.conf

at a command prompt.

syslog can do remote logging - you can have one or more machines
send their log entries to a separate (remote) logging machine - you
could do that like this:

  firewall1 /etc/syslog.conf
  ---------------------------
   # Log anything (except mail) of level info or higher.
   # Don't log private authentication messages!
   #*.info;mail.none;authpriv.none;cron.none    /var/log/messages
   *.info;mail.none;authpriv.none;cron.none    @log_server

  firewall2 /etc/syslog.conf
  ---------------------------
   # Log anything (except mail) of level info or higher.
   # Don't log private authentication messages!
   #*.info;mail.none;authpriv.none;cron.none    /var/log/messages
   *.info;mail.none;authpriv.none;cron.none    @log_server

  log_server /etc/syslog.conf
  ---------------------------
   # Log anything (except mail) of level info or higher.
   # Don't log private authentication messages!
   *.info;mail.none;authpriv.none;cron.none    /var/log/messages

This will cause firewall1 and firewall2 to send log messages
to server "log_server", and "log_server" will send those messages
to file /var/log/messages (on "log_server").

Remember that if you change /etc/syslog.conf, restart or
reload the syslog daemon by doing (as root)

  service syslog restart

You may already be doing what I describe above.  Not sure
why you want the log messages logged to a different file
for each server, but are you aware that each message *is*
stamped with the name of the machine that the message
came from?

I haven't seen this type of thing done before, but I suppose
on the log server you could have the messages written to a
pipe (using "|/path/to/fifo" in syslog.conf) and then have a
program read from the pipe - and for each log message, parse
out the machine name and write messages to different log
files based on the machine name.  But the problem with using
pipes is that messages can be lost if they are queued in the
pipe and the machine goes down.

HTH.

-- 
Hardy Merrill
Red Hat, Inc.
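
The pipe reader described in the message above, as an added example that is not part of the original post: it reads lines in the traditional syslogd file format, takes the host field, and appends each line to a per-host file. The function names, the FIFO and output paths, and the hostname validation rule are assumptions; the host field is treated as untrusted because it is used to build a file name.

```python
import os
import re
import sys

# Line format written by traditional syslogd: "Mmm dd hh:mm:ss host message"
LINE_RE = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d (\S+) ")
# The host field is influenced by remote senders, so accept only
# hostname-like values before using it as a file name (assumed rule).
HOST_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]{0,62}")

# Constructed sample lines (not from the original post).
SAMPLE = [
    "Jan  5 10:00:01 firewall1 kernel: DROP IN=eth0 SRC=192.0.2.10\n",
    "Jan  5 10:00:02 firewall2 kernel: ACCEPT IN=eth1 SRC=198.51.100.7\n",
    "Jan 15 10:00:03 Firewall1 sshd[411]: session opened\n",
    "Jan  5 10:00:04 ../../etc/passwd kernel: odd host field\n",
]


def host_of(line):
    """Return a file-name-safe host for a syslog line, or 'unknown'."""
    m = LINE_RE.match(line)
    host = m.group(1) if m else ""
    if not HOST_RE.fullmatch(host) or ".." in host:
        return "unknown"
    return host.lower()


def route(lines, out_dir):
    """Append each line to <out_dir>/<host>.log; return per-host counts."""
    counts = {}
    for line in lines:
        if not line.strip():
            continue
        host = host_of(line)
        path = os.path.join(out_dir, host + ".log")
        with open(path, "a", encoding="utf-8") as fh:
            fh.write(line if line.endswith("\n") else line + "\n")
        counts[host] = counts.get(host, 0) + 1
    return counts


if __name__ == "__main__":
    # Usage (paths are placeholders): splitter.py /path/to/fifo /path/to/outdir
    fifo, out_dir = sys.argv[1], sys.argv[2]
    while True:  # reopen after syslogd closes the pipe, e.g. on restart
        with open(fifo, "r", encoding="utf-8", errors="replace") as pipe:
            route(pipe, out_dir)
```

Lines whose host field fails validation go to unknown.log rather than being dropped, so a malformed or hostile sender still leaves a record.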

