Re: Syslog question


 



Thank you for the fast reply.
When using syslog-ng, can it handle various Windows and Cisco machines, or does it work only with *nixes?
Thank you


Berthold Cogel wrote:
Khachatur Shahinyan wrote:
Dear Friends, I have a question about centralized syslogging. I have a Red Hat Linux Advanced Server 4 machine running as a log server. It collects logs from Windows, Linux, FreeBSD and Cisco machines. The problem is that I cannot collect logs from Linux machines via different facilities, e.g. local0 to local7. All logs from those machines go to /var/log/messages, but I need them to be in different files like /var/log/linuxhost1.txt and /var/log/linuxhost2.txt.
Is there any way to make syslog write logs to different files?


Thank You


Not with syslog. You need filters to do this.

We're using syslog-ng for this task. There are different sources in the net that provide RPMs for RHEL systems. You have two options:

- on your loghost replace syslog with syslog-ng
- install syslog-ng on your loghost and modify the init and logrotate script so they don't conflict

Our syslog-ng writes to a separate disk space. The only restriction for the second option is that the syslog on your loghost can't 'talk' to another syslog on the same system. This is hardcoded in syslog to prevent log loops.

With syslog-ng you can define filters with regex and even pipe the log entries through external resources like a database.

You can define log destinations per host like this:

destination d_cons { file ("/var/local/logmaster/hosts/$HOST/console"); };
destination d_mesg { file ("/var/local/logmaster/hosts/$HOST/messages"); };
....

And you can filter the output of programs:

filter f_P_slapd { program (slapd); };
destination d_ldap { file ("/var/local/logmaster/ldap/$HOST.log"); };
log {source (s_udp); filter (f_P_slapd); destination (d_ldap); flags (final); };


Take a look:
http://www.balabit.com/dl/html/syslog-ng-admin-guide_en.html/bk01-toc.html

And there is rsyslog: http://www.rsyslog.com/


Regards,
Berthold Cogel


--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
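
Added example, not part of the original messages: a fuller loghost configuration built around the destinations and the slapd filter quoted above, written in the classic syslog-ng syntax used in the thread. The s_udp source is referenced in the thread but never defined there, so its definition, the listen address, the permission values, the option settings, and the names f_F_local0 and d_local0 are assumptions.

```conf
# Added example (not from the thread). Classic syslog-ng syntax; releases
# from 3.x on also expect an "@version:" line matching the installed release.

options {
    create_dirs(yes);     # create hosts/$HOST/ when a new sender first logs
    dir_perm(0750);       # assumed mode for created directories
    perm(0640);           # assumed mode for created log files
    use_dns(no);          # no DNS lookups on the logging path
    keep_hostname(no);    # $HOST is set from the sender's address (its IP,
                          # with use_dns(no)), not from the message text
    chain_hostnames(no);  # keep $HOST a single name, no relay chain in it
};

# Source named s_udp in the thread; this definition is assumed.
# Any device that sends standard syslog over UDP arrives here.
source s_udp { udp(ip(0.0.0.0) port(514)); };

# Filters: one by program (from the thread), one by facility (assumed,
# matching the local0..local7 case in the original question).
filter f_P_slapd  { program("slapd"); };
filter f_F_local0 { facility(local0); };

# Destinations: $HOST is expanded per message, giving one tree per sender.
destination d_ldap   { file("/var/local/logmaster/ldap/$HOST.log"); };
destination d_local0 { file("/var/local/logmaster/hosts/$HOST/local0"); };
destination d_mesg   { file("/var/local/logmaster/hosts/$HOST/messages"); };

# Order matters: flags(final) stops a matched message from also reaching
# the log statements further down, so the catch-all goes last.
log { source(s_udp); filter(f_P_slapd);  destination(d_ldap);   flags(final); };
log { source(s_udp); filter(f_F_local0); destination(d_local0); flags(final); };
log { source(s_udp); destination(d_mesg); };
```

The file can be checked before a restart with syslog-ng --syntax-only -f <file>. Because keep_hostname(no) is set, the directory names under hosts/ are chosen by the loghost rather than by whatever hostname a sender writes into its messages.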
