I have set up a syslog server on a Red Hat 9 box to log messages from my firewall. The messages are being logged to /var/log/messages. How do I modify /etc/syslog.conf to have different FWs log to different log files? Thanks in advance.
By far the best way would be to install syslog-ng....
http://www.balabit.com/products/syslog_ng/
http://www.balabit.com/downloads/libol/0.3/
Plain old syslog isn't enough and syslog + mysql is hitting a fly w/ a hammer.
Get the latest 1.6 version and libol along with it. Afterwards just stop using syslog that came w/ RH9 and use syslog-ng for all logging needs.
Syslog-ng can create directories based on IP, set permissions and such - all kinds of nifty stuff... It's very flexible and IMHO should be the syslog daemon that's shipped w/ RH because it's just what most people need but w/o the extra SQL server...
I'll attach my syslog-ng file that does remote logging. If a new host sends some syslog data - it'll create a directory for it, DNS is optional, and just dump it into /var/log/syslog-ng/<ip>/messages
------------------------------------
# Global options. keep_hostname (yes) keeps the hostname found in the message;
# create_dirs (yes) lets file destinations create missing directories.
options {
    sync (0);
    time_reopen (10);
    log_fifo_size (1000);
    long_hostnames (off);
    use_dns (yes);
    use_fqdn (no);
    create_dirs (yes);
    keep_hostname (yes);
};

# Local sources: kernel messages, /dev/log and syslog-ng's own messages
source s_sys {
    pipe ("/proc/kmsg" log_prefix("kernel: "));
    unix-stream ("/dev/log");
    internal();
};

# Local destinations (same files as the stock RH9 syslog.conf)
destination d_cons { file("/dev/console"); };
destination d_mesg { file("/var/log/messages"); };
destination d_auth { file("/var/log/secure"); };
destination d_mail { file("/var/log/maillog"); };
destination d_spol { file("/var/log/spooler"); };
destination d_boot { file("/var/log/boot.log"); };
destination d_cron { file("/var/log/cron"); };
destination d_mlal { usertty("*"); };

# Filters by facility and level
filter f_filter1 { facility(kern); };
filter f_filter2 { level(info) and not (facility(mail) or facility(authpriv) or facility(cron)); };
filter f_filter3 { facility(authpriv); };
filter f_filter4 { facility(mail); };
filter f_filter5 { level(emerg); };
filter f_filter6 { facility(uucp) or (facility(news) and level(crit)); };
filter f_filter7 { facility(local7); };
filter f_filter8 { facility(cron); };

# Local log paths (kernel-to-console is commented out)
#log { source(s_sys); filter(f_filter1); destination(d_cons); };
log { source(s_sys); filter(f_filter2); destination(d_mesg); };
log { source(s_sys); filter(f_filter3); destination(d_auth); };
log { source(s_sys); filter(f_filter4); destination(d_mail); };
log { source(s_sys); filter(f_filter5); destination(d_mlal); };
log { source(s_sys); filter(f_filter6); destination(d_spol); };
log { source(s_sys); filter(f_filter7); destination(d_boot); };
log { source(s_sys); filter(f_filter8); destination(d_cron); };

# Remote sources: listen for syslog over UDP and TCP
source udp_net { udp(); };
source tcp_net { tcp(); };

# One directory per sending host, named by the $HOST macro
destination network {
    file("/var/log/syslog-ng/$HOST/messages"
        owner (syslog-ng)
        group (wheel)
        dir_group (wheel)
        perm (0640)
        dir_perm (0750)
        create_dirs (yes)
    );
};

log { source(tcp_net); source(udp_net); destination(network); };
--
Rock River Internet             Roger Grunkemeyer
202 W. State St, 8th Floor      grunky@xxxxxxxxxxxxx
Rockford, IL 61101              815-968-3888
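
Added example (not part of the original reply): the question asked for a separate file per firewall, so this syslog-ng fragment routes by sender address with netmask() filters instead of the $HOST macro, which with keep_hostname (yes) follows the hostname field carried inside the message. The 192.0.2.x addresses, the names s_fw, f_fw_*, d_fw_* and the /var/log/firewalls paths are assumptions; the syntax is syslog-ng 1.6 style, matching the config above.

```conf
# Added example; all addresses, names and paths are placeholders.

# Listen only on the collector's internal address (assumed 192.0.2.10)
# rather than on every interface.
source s_fw {
    udp(ip(192.0.2.10) port(514));
};

# One filter per firewall, matched on the sender's IP address.
filter f_fw_edge { netmask(192.0.2.1/255.255.255.255); };
filter f_fw_dmz  { netmask(192.0.2.2/255.255.255.255); };

# One fixed file per firewall; nothing in the path comes from the message.
destination d_fw_edge {
    file("/var/log/firewalls/edge.log"
        owner(root) group(wheel) perm(0640)
        create_dirs(yes) dir_perm(0750));
};
destination d_fw_dmz {
    file("/var/log/firewalls/dmz.log"
        owner(root) group(wheel) perm(0640)
        create_dirs(yes) dir_perm(0750));
};

# Anything from an address that is not a known firewall lands here,
# so unexpected senders are easy to spot and review.
destination d_fw_unknown {
    file("/var/log/firewalls/unknown.log"
        owner(root) group(wheel) perm(0640)
        create_dirs(yes) dir_perm(0750));
};

# flags(final) stops processing once a firewall's own rule has matched,
# so only unmatched senders reach the last statement.
log { source(s_fw); filter(f_fw_edge); destination(d_fw_edge); flags(final); };
log { source(s_fw); filter(f_fw_dmz);  destination(d_fw_dmz);  flags(final); };
log { source(s_fw); destination(d_fw_unknown); };
```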