Khachatur Shahinyan schrieb:
Dear Friends, i have a question about centralized syslogging. I have a
Redhat Linux Advanced Server 4, machine running as a log server.It
collects logs from Windows, Linux, Freebsd and Cisco machines. The
problem is that i cannot collect logs from linux machines via different
facilities, e.g. local0 to local7. All logs from that machines goes to
/var/log/messages, but i need them to be in different files like
/var/log/linuxhost1.txt and /var/log/linuxhost2.txt
Is there any way to make syslog write logs in different files?
Thank You
Not with syslog. You need filters do do this.
We're using syslog-ng for this task. There are different sources in the
net that provide RPMs for RHEL systems. You have two options:
- on your loghost replace syslog with syslog-ng
- install syslog-ng on your loghost and modify the init and logrotate
script so they don't conflict
Our syslog-ng writes to a separate discspace. The only restriction for
the second option is that the syslog on your loghost can't 'talk' the
another syslog on the same system. This is hardcoded in syslog to
prevent log loops.
With syslog-ng you can define filters with regex and even pipe the log
entries throug external resources like a database.
You can define log destinations per host like this:
destination d_cons { file ("/var/local/logmaster/hosts/$HOST/console"); };
destination d_mesg { file ("/var/local/logmaster/hosts/$HOST/messages"); };
....
And you can filter the output of programs:
filter f_P_slapd { program (slapd); };
destination d_ldap { file ("/var/local/logmaster/ldap/$HOST.log"); };
log {source (s_udp); filter (f_P_slapd); destination (d_ldap); flags
(final); };
Take a look:
http://www.balabit.com/dl/html/syslog-ng-admin-guide_en.html/bk01-toc.html
And there is rsyslog: http://www.rsyslog.com/
Regards,
Berthold Cogel
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
