[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: syslogd recompilation

From: Rick Stevens <rstevens vitalstream com>
To: redhat-install-list redhat com
Subject: Re: syslogd recompilation
Date: Thu, 02 Oct 2003 12:27:30 -0700

Steve Gonzales wrote:

Hi, folks.

Has anyone been successful in recompiling syslogd to natively send its messages somewhere besides /var/log/messages?
I just don't want to reinvent the wheel if it's been done.


All you have to do is modify the /etc/syslog.conf file to point the
various messages at the files (or logging servers) and send the syslogd
daemon a SIGHUP to activate them.  Here's an example of a syslog.conf
file I use to cause all of our mail servers to log to a single logging
server (so I only have to look at one log rather than 14 logs):

------------------------------- CUT HERE -------------------------------
[root smtp-01-002 /root]# cat /etc/syslog.conf
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                                 /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none               /var/log/messages

# The authpriv file has restricted access.
authpriv.*                                             /var/log/secure

# Log all the mail messages in one place.
# NOTE: The first line causes syslog to log to a local file as normal,
# the second line sends the same entries to the "logsrvr" machine at
# 10.24.1.26...
mail.*                                                 /var/log/maillog
mail.*                                                 @logsrvr

# Log cron stuff
cron.*                                                 /var/log/cron

# Everybody gets emergency messages, plus log them on another
# machine.
*.emerg                                                *

# Save mail and news errors of level err and higher in a
# special file.
uucp,news.crit                                         /var/log/spooler

# Save boot messages also to boot.log
local7.*                                               /var/log/boot.log
------------------------------- CUT HERE -------------------------------

Keep in mind that the target files MUST ALREADY EXIST as syslogd will
NOT create new files.  In other words, if you tell it to log something
to "/var/log/fradleybard.log", you must AT LEAST

touch /var/log/fradleybard.log

before sending syslogd the SIGHUP signal (the touch command will create
an empty instance of the file if it doesn't already exist).

See "man syslog.conf" for details.
----------------------------------------------------------------------
- Rick Stevens, Senior Systems Engineer     rstevens vitalstream com -
- VitalStream, Inc.                       http://www.vitalstream.com -
-                                                                    -
-   Never test for an error condition you don't know how to handle.  -
----------------------------------------------------------------------

References:
- syslogd recompilation
  - From: Steve Gonzales

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]