Khachatur Shahinyan wrote:
Thank you for the fast reply,
In case of using syslog-ng, can it handle various Windows and
Cisco machines, or does it work only with *nixes?
Thank you
Berthold Cogel wrote:
Khachatur Shahinyan wrote:
Dear Friends, I have a question about centralized syslogging. I have
a Redhat Linux Advanced Server 4 machine running as a log server. It
collects logs from Windows, Linux, FreeBSD and Cisco machines. The
problem is that I cannot collect logs from Linux machines via
different facilities, e.g. local0 to local7. All logs from those
machines go to /var/log/messages, but I need them to be in
different files like /var/log/linuxhost1.txt and /var/log/linuxhost2.txt
Is there any way to make syslog write logs in different files?
Thank you
Not with syslog. You need filters to do this.
We're using syslog-ng for this task. There are different sources in
the net that provide RPMs for RHEL systems. You have two options:
- on your loghost replace syslog with syslog-ng
- install syslog-ng on your loghost and modify the init and logrotate
script so they don't conflict
Our syslog-ng writes to a separate disk space. The only restriction for
the second option is that the syslog on your loghost can't 'talk' to
another syslog on the same system. This is hardcoded in syslog to
prevent log loops.
With syslog-ng you can define filters with regex and even pipe the log
entries through external resources like a database.
You can define log destinations per host like this:
destination d_cons { file ("/var/local/logmaster/hosts/$HOST/console"); };
destination d_mesg { file ("/var/local/logmaster/hosts/$HOST/messages"); };
....
And you can filter the output of programs:
filter f_P_slapd { program (slapd); };
destination d_ldap { file ("/var/local/logmaster/ldap/$HOST.log"); };
log { source (s_udp); filter (f_P_slapd); destination (d_ldap); flags (final); };
Take a look:
http://www.balabit.com/dl/html/syslog-ng-admin-guide_en.html/bk01-toc.html
And there is rsyslog: http://www.rsyslog.com/
Regards,
Berthold Cogel
Our networkers use syslog-ng and Cisco devices. And for Windows there is
a special agent available. Take a look in chapter 5 of the
documentation. I don't have any experience with this agent.
Perhaps you should read and subscribe to the syslog-ng mailing list:
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Berthold Cogel
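
A complete loghost configuration for the original question (per-host files, with local0 to local7 split out), as an added example that is not part of the thread or of anyone's production setup. The /var/log/hosts path, the object names and the permission values are assumptions; with use_dns(no) the $HOST directory is the sender's IP address rather than a name like linuxhost1.

```conf
# Added example: syslog-ng.conf for a central loghost.
# Paths, object names and permission values below are assumptions.

options {
    keep_hostname(no);    # set $HOST from the sending address, not from the
                          # hostname field inside the message (sender-controlled)
    use_dns(no);          # no DNS lookups on the log path; $HOST is the sender IP
    chain_hostnames(no);  # do not build relay chains into the host name
    create_dirs(yes);     # create /var/log/hosts/<HOST>/ on first message
    dir_perm(0750);       # keep per-host directories unreadable to other users
    perm(0640);           # same for the log files themselves
};

# Remote clients (Linux, FreeBSD, Cisco, Windows agent) send here over UDP.
source s_udp { udp(ip(0.0.0.0) port(514)); };

# Messages logged to local0..local7 get one file per host and facility,
# e.g. /var/log/hosts/192.0.2.10/local3.log (address is a constructed sample).
filter f_local {
    facility(local0, local1, local2, local3, local4, local5, local6, local7);
};
destination d_host_local { file("/var/log/hosts/$HOST/$FACILITY.log"); };
log { source(s_udp); filter(f_local); destination(d_host_local); flags(final); };

# Everything else from remote hosts lands in a per-host messages file.
# flags(final) above stops local0..local7 traffic from being written twice.
destination d_host_mesg { file("/var/log/hosts/$HOST/messages"); };
log { source(s_udp); destination(d_host_mesg); };
```

The file can be checked before a restart with syslog-ng --syntax-only -f pointing at it.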