Syslog question

Berthold Cogel cogel at uni-koeln.de
Thu Jun 19 12:19:26 UTC 2008


Khachatur Shahinyan wrote:
> Dear Friends, I have a question about centralized syslogging. I have a 
> Redhat Linux Advanced Server 4 machine running as a log server. It 
> collects logs from Windows, Linux, FreeBSD and Cisco machines. The 
> problem is that I cannot collect logs from Linux machines via different 
> facilities, e.g. local0 to local7. All logs from those machines go to 
> /var/log/messages, but I need them to be in different files like 
> /var/log/linuxhost1.txt and /var/log/linuxhost2.txt.
> Is there any way to make syslog write logs in different files?
> 
> 
> Thank You
> 

Not with syslog. You need filters to do this.

We're using syslog-ng for this task. There are different sources on the 
net that provide RPMs for RHEL systems. You have two options:

- on your loghost replace syslog with syslog-ng
- install syslog-ng on your loghost and modify the init and logrotate 
scripts so they don't conflict

Our syslog-ng writes to a separate disk space. The only restriction for 
the second option is that the syslog on your loghost can't 'talk' to 
another syslog on the same system. This is hardcoded in syslog to 
prevent log loops.

With syslog-ng you can define filters with regex and even pipe the log 
entries through external resources like a database.

You can define log destinations per host like this:

destination d_cons { file ("/var/local/logmaster/hosts/$HOST/console"); };
destination d_mesg { file ("/var/local/logmaster/hosts/$HOST/messages"); };
....

And you can filter the output of programs:

filter f_P_slapd { program (slapd); };
destination d_ldap { file ("/var/local/logmaster/ldap/$HOST.log"); };
log { source (s_udp); filter (f_P_slapd); destination (d_ldap); flags (final); };


Take a look:
http://www.balabit.com/dl/html/syslog-ng-admin-guide_en.html/bk01-toc.html

And there is rsyslog: http://www.rsyslog.com/


Regards,
Berthold Cogel
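
As an added example (not part of the original post), here is a loghost configuration along the lines described above, with the network source defined and with $HOST taken from the sender's address rather than from the hostname field inside the message, since $HOST ends up in a file path. The names s_net, f_local, d_host and d_host_fac and the /var/log/hosts directory are assumptions.

```conf
# Added example, not from the original post.
# s_net, f_local, d_host, d_host_fac and /var/log/hosts are assumed names.
# On syslog-ng 3.x and later, add an "@version: <your release>" line at the top.

options {
    keep_hostname(no);    # do not trust the hostname field inside the message
    use_dns(no);          # with keep_hostname(no), $HOST is the sender's IP address
    chain_hostnames(no);  # keep $HOST a single name, no relay chain
    create_dirs(yes);     # create /var/log/hosts/<host>/ on the first message
    dir_perm(0750);       # per-host directories are not world-readable
    perm(0640);           # neither are the log files
};

# Messages arriving from remote machines over UDP/514
source s_net { udp(ip(0.0.0.0) port(514)); };

# local0 to local7, the facilities the question asks about
filter f_local {
    facility(local0, local1, local2, local3, local4, local5, local6, local7);
};

# One directory per sending host; one file per local facility inside it
destination d_host_fac { file("/var/log/hosts/$HOST/$FACILITY.log"); };
destination d_host     { file("/var/log/hosts/$HOST/messages"); };

# local0..local7 go to their own per-host file and stop here
log { source(s_net); filter(f_local); destination(d_host_fac); flags(final); };

# Everything else from the network goes to one messages file per host
log { source(s_net); destination(d_host); };
```

With use_dns(no) the per-host directories are named by IP address; set use_dns(yes) only if the reverse DNS of the sending networks is under your control.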