Re: syslog question


 






Thanks.


                                                                                                                                       
From:     Hardy Merrill <hmerrill@redhat.com>
Sent by:  redhat-list-admin@redhat.com
Date:     10/28/03 09:13 AM
Please respond to redhat-list
To:       redhat-list@xxxxxxxxxx
cc:
Subject:  Re: syslog question




john.dufour@xxxxxxxx [john.dufour@xxxxxxxx] wrote:
>
> I have set up syslog server on a Redhat 9 box to log messages from my
> Firewall.  The messages are being logged to /var/log/messages.  How do I
> modify the /etc/syslog.conf to have different FW's log to different log
> files.  Thanks in advance.

Read the manpages for 'syslog' and 'syslog.conf' by doing

  man syslog
  man syslog.conf

at a command prompt.

syslog can do remote logging - you can have one or more machines
send their log entries to a separate (remote) logging machine - you
could do that like this:

  firewall1 /etc/syslog.conf
  ---------------------------
   # Log anything (except mail) of level info or higher.
   # Don't log private authentication messages!
   #*.info;mail.none;authpriv.none;cron.none    /var/log/messages
   *.info;mail.none;authpriv.none;cron.none    @log_server

  firewall2 /etc/syslog.conf
  ---------------------------
   # Log anything (except mail) of level info or higher.
   # Don't log private authentication messages!
   #*.info;mail.none;authpriv.none;cron.none    /var/log/messages
   *.info;mail.none;authpriv.none;cron.none    @log_server

  log_server /etc/syslog.conf
  ---------------------------
   # Log anything (except mail) of level info or higher.
   # Don't log private authentication messages!
   *.info;mail.none;authpriv.none;cron.none    /var/log/messages

This will cause firewall1 and firewall2 to send log messages
to server "log_server", and "log_server" will send those messages
to file /var/log/messages (on "log_server").

Remember that if you change /etc/syslog.conf, restart or
reload the syslog daemon by doing (as root)

  service syslog restart

You may already be doing what I describe above.  Not sure
why you want the log messages logged to a different file
for each server, but are you aware that each message *is*
stamped with the name of the machine that the message
came from?

I haven't seen this type of thing done before, but I suppose
on the log server you could have the messages written to a
pipe (using "|/path/to/fifo" in syslog.conf) and then have a
program read from the pipe - and for each log message, parse
out the machine name and write messages to different log
files based on the machine name.  But the problem with using
pipes is that messages can be lost if they are queued in the
pipe and the machine goes down.

HTH.

--
Hardy Merrill
Red Hat, Inc.


--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
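
The pipe-reader idea from the message above, as an added example that is not part of the original post or of any Red Hat tool. It assumes the usual "Mmm dd hh:mm:ss host message" line format; the names host_of, demux and the sample lines are constructed for illustration. Because the host name becomes part of a file path, anything outside a conservative character set goes to unparsed.log instead.

```python
import os
import re
import sys
import tempfile

# Traditional syslogd line: "Mmm dd hh:mm:ss host message..."
LINE_RE = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d (\S+) ")
# The host name ends up in a file path, so accept only a conservative set
# of characters (no slashes, no leading dot).
SAFE_HOST_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,62}$")


def host_of(line):
    """Return the host field, or 'unparsed' if the line or name is unusable."""
    m = LINE_RE.match(line)
    if not m or not SAFE_HOST_RE.match(m.group(1)):
        return "unparsed"
    return m.group(1)


def demux(stream, outdir):
    """Append each line to outdir/<host>.log; return per-host line counts."""
    counts = {}
    for line in stream:
        host = host_of(line)
        path = os.path.join(outdir, host + ".log")
        # Reopen per line so rotated files are picked up without a restart.
        with open(path, "a") as out:
            out.write(line if line.endswith("\n") else line + "\n")
        counts[host] = counts.get(host, 0) + 1
    return counts


# Constructed sample input (not real firewall logs).
SAMPLE = [
    "Oct 28 09:13:01 firewall1 kernel: DROP IN=eth0 SRC=192.0.2.10 DPT=23\n",
    "Oct 28 09:13:02 firewall2 kernel: ACCEPT IN=eth1 SRC=198.51.100.7 DPT=443\n",
    "Oct 28 09:13:03 firewall1 last message repeated 2 times\n",
    "Oct 28 09:13:04 ../../tmp/x kernel: host field unsafe as a file name\n",
]

if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: demux.py /path/to/fifo /path/to/outdir
        with open(sys.argv[1]) as fifo:
            demux(fifo, sys.argv[2])
    else:
        print(demux(SAMPLE, tempfile.mkdtemp()))
```

The read loop ends when syslogd closes its end of the FIFO (for example on restart), so the reader has to be started again afterwards.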





