Syslog question

Khachatur Shahinyan khachatur.shahinyan at arca.am
Thu Jun 19 12:55:22 UTC 2008


Thank you for the fast reply.
In case of using syslog-ng, can it handle various Windows and 
Cisco machines, or does it work only with *nixes?
Thank you


Berthold Cogel wrote:
> Khachatur Shahinyan schrieb:
>> Dear Friends, I have a question about centralized syslogging. I have 
>> a Redhat Linux Advanced Server 4 machine running as a log server. It 
>> collects logs from Windows, Linux, FreeBSD and Cisco machines. The 
>> problem is that I cannot collect logs from Linux machines via 
>> different facilities, e.g. local0 to local7. All logs from those 
>> machines go to /var/log/messages, but I need them to be in 
>> different files like /var/log/linuxhost1.txt and /var/log/linuxhost2.txt
>> Is there any way to make syslog write logs in different files?
>>
>>
>> Thank You
>>
>
> Not with syslog. You need filters to do this.
>
> We're using syslog-ng for this task. There are different sources in 
> the net that provide RPMs for RHEL systems. You have two options:
>
> - on your loghost replace syslog with syslog-ng
> - install syslog-ng on your loghost and modify the init and logrotate 
> script so they don't conflict
>
> Our syslog-ng writes to a separate disk space. The only restriction for 
> the second option is that the syslog on your loghost can't 'talk' to 
> another syslog on the same system. This is hardcoded in syslog to 
> prevent log loops.
>
> With syslog-ng you can define filters with regex and even pipe the log 
> entries through external resources like a database.
>
> You can define log destinations per host like this:
>
> destination d_cons { file ("/var/local/logmaster/hosts/$HOST/console"); };
> destination d_mesg { file ("/var/local/logmaster/hosts/$HOST/messages"); };
> ....
>
> And you can filter the output of programs:
>
> filter f_P_slapd { program (slapd); };
> destination d_ldap { file ("/var/local/logmaster/ldap/$HOST.log"); };
> log {source (s_udp); filter (f_P_slapd); destination (d_ldap); flags (final); };
>
>
> Take a look:
> http://www.balabit.com/dl/html/syslog-ng-admin-guide_en.html/bk01-toc.html 
>
>
> And there is rsyslog: http://www.rsyslog.com/
>
>
> Regards,
> Berthold Cogel
>
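
The following is an added example, not part of the thread and not syslog-ng's own code: a Python illustration of the per-host, per-facility routing decision discussed above, which decodes the facility (local0 to local7) from the syslog priority value and builds a path under the directory quoted in the reply. The `route` function, the file naming by facility, the hostname validation rule and the sample datagrams are assumptions made for the example.

```python
import re

# RFC 3164 facility codes; 16-23 are local0..local7.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert",
              "clock"] + [f"local{i}" for i in range(8)]

PRI = re.compile(r"^<(\d{1,3})>")
# BSD-style header: "Mmm dd hh:mm:ss HOSTNAME "
HEADER = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d (\S+) ")
# DNS-style labels only: no "/", no empty label, so no "../" in a path.
HOSTNAME = re.compile(
    r"[A-Za-z0-9][A-Za-z0-9-]{0,62}(\.[A-Za-z0-9][A-Za-z0-9-]{0,62})*")

BASE = "/var/local/logmaster/hosts"  # directory taken from the reply above


def route(datagram: str, sender_ip: str) -> str:
    """Return the file a received message should be appended to."""
    m = PRI.match(datagram)
    if not m or int(m.group(1)) > 191:           # 191 = local7.debug, the maximum
        return f"{BASE}/{sender_ip}/unparsed"
    facility = FACILITIES[int(m.group(1)) >> 3]  # PRI = facility * 8 + severity
    h = HEADER.match(datagram[m.end():])
    host = h.group(1) if h else ""
    # The hostname field is written by the sender; fall back to the socket's
    # source address when it is missing or not a plain hostname.
    if not HOSTNAME.fullmatch(host):
        host = sender_ip
    return f"{BASE}/{host.lower()}/{facility}"


# Constructed sample datagrams (not captured traffic).
SAMPLES = [
    ("<134>Jun 19 12:55:22 linuxhost1 myapp: service started", "192.0.2.10"),
    ("<142>Jun 19 12:55:23 linuxhost2 backup[812]: job finished", "192.0.2.11"),
    ("<189>45: *Mar  1 00:00:10.123: %SYS-5-CONFIG_I: Configured", "192.0.2.1"),
    ("<134>Jun 19 12:55:24 ../../etc/cron.d x: y", "192.0.2.66"),
]

if __name__ == "__main__":
    for data, ip in SAMPLES:
        print(route(data, ip))
```

The third sample has no BSD-style header, so it is filed under the sender's address; the fourth carries a hostname field that is not a plain hostname and is filed the same way.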
