Syslog question

Berthold Cogel cogel at uni-koeln.de
Fri Jun 20 11:51:01 UTC 2008


Khachatur Shahinyan schrieb:
> Thank You for fast reply,
> In case of using syslog-ng, can it handle various Windows and 
> Cisco machines, or does it work only with *nixes?
> Thank You
> 
> 
> Berthold Cogel wrote:
>> Khachatur Shahinyan schrieb:
>>> Dear Friends, I have a question about centralized syslogging. I have 
>>> a Redhat Linux Advanced Server 4 machine running as a log server. It 
>>> collects logs from Windows, Linux, FreeBSD and Cisco machines. The 
>>> problem is that I cannot collect logs from Linux machines via 
>>> different facilities, e.g. local0 to local7. All logs from those 
>>> machines go to /var/log/messages, but I need them to be in 
>>> different files like /var/log/linuxhost1.txt and /var/log/linuxhost2.txt.
>>> Is there any way to make syslog write logs to different files?
>>>
>>>
>>> Thank You
>>>
>>
>> Not with syslog. You need filters to do this.
>>
>> We're using syslog-ng for this task. There are different sources in 
>> the net that provide RPMs for RHEL systems. You have two options:
>>
>> - on your loghost replace syslog with syslog-ng
>> - install syslog-ng on your loghost and modify the init and logrotate 
>> script so they don't conflict
>>
>> Our syslog-ng writes to a separate disk space. The only restriction for 
>> the second option is that the syslog on your loghost can't 'talk' to 
>> another syslog on the same system. This is hardcoded in syslog to 
>> prevent log loops.
>>
>> With syslog-ng you can define filters with regex and even pipe the log 
>> entries through external resources like a database.
>>
>> You can define log destinations per host like this:
>>
>> destination d_cons { file("/var/local/logmaster/hosts/$HOST/console"); };
>> destination d_mesg { file("/var/local/logmaster/hosts/$HOST/messages"); };
>> ....
>>
>> And you can filter the output of programs:
>>
>> filter f_P_slapd { program("slapd"); };
>> destination d_ldap { file("/var/local/logmaster/ldap/$HOST.log"); };
>> log { source(s_udp); filter(f_P_slapd); destination(d_ldap); flags(final); };
>>
>>
>> Take a look:
>> http://www.balabit.com/dl/html/syslog-ng-admin-guide_en.html/bk01-toc.html 
>>
>>
>> And there is rsyslog: http://www.rsyslog.com/
>>
>>
>> Regards,
>> Berthold Cogel
>>
> 

Our networkers use syslog-ng and Cisco devices. And for Windows there is 
a special agent available. Take a look at chapter 5 of the 
documentation. I don't have any experience with this agent.
Perhaps you should read and subscribe to the syslog-ng mailing list:
https://lists.balabit.hu/mailman/listinfo/syslog-ng


Berthold Cogel
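Editor's note: the fragments quoted above only show two destinations and one program filter. The following is a complete syslog-ng.conf for the loghost described in the thread, added here as an illustration; it is not configuration posted by either participant. It keeps the /var/local/logmaster tree and the s_udp / f_P_slapd / d_ldap names from the thread, and assumes the clients send plain syslog to UDP port 514 and that the original poster's Linux hosts tag their logs with local0..local7. One check a practitioner should not skip: with keep_hostname(yes), $HOST is whatever the client wrote into the message, so any host on the network could write into another host's directory by forging the hostname field. keep_hostname(no) makes syslog-ng derive $HOST from the sender's IP address (resolved via DNS when use_dns(yes)), which closes that gap.

```conf
# Central loghost configuration (added example, not from the thread).
# Assumes syslog-ng 2.x/3.x syntax; with 3.x add "@version: 3.0" on top.

options {
    # Derive $HOST from the sending address, not from the text in the
    # message, so a client cannot forge its way into another host's files.
    keep_hostname(no);
    use_dns(yes);
    chain_hostnames(no);
    # Create /var/local/logmaster/hosts/<host>/ on first use.
    create_dirs(yes);
    dir_perm(0750);
    perm(0640);
};

# Network clients (Linux, FreeBSD, Cisco, Windows agent) send to UDP/514
# (port and bind address are assumptions for this example).
source s_udp      { udp(ip("0.0.0.0") port(514)); };
# syslog-ng's own startup/error messages.
source s_internal { internal(); };

# Program filter from the thread.
filter f_P_slapd { program("slapd"); };
# The facilities the original poster wanted split out per client.
filter f_local   { facility(local0, local1, local2, local3,
                            local4, local5, local6, local7); };
# Anything severe enough for a console file.
filter f_console { level(emerg..crit); };

destination d_ldap  { file("/var/local/logmaster/ldap/$HOST.log"); };
destination d_cons  { file("/var/local/logmaster/hosts/$HOST/console"); };
destination d_local { file("/var/local/logmaster/hosts/$HOST/local-$FACILITY.log"); };
destination d_mesg  { file("/var/local/logmaster/hosts/$HOST/messages"); };
destination d_self  { file("/var/local/logmaster/syslog-ng.log"); };

# A message is tested against every log statement in order; flags(final)
# stops further matching, so slapd lines never reach the per-host files
# and local0..local7 traffic does not also land in "messages".
log { source(s_udp); filter(f_P_slapd); destination(d_ldap);  flags(final); };
log { source(s_udp); filter(f_console); destination(d_cons); };
log { source(s_udp); filter(f_local);   destination(d_local); flags(final); };
log { source(s_udp);                    destination(d_mesg); };
log { source(s_internal);               destination(d_self); };
```

Ordering of the log statements is the part that bites: the console path deliberately has no flags(final), so a critical message is written to the console file and then still falls through to the per-facility or messages file, while the slapd and local-facility paths terminate matching. After loading the configuration, send a test message from one client (for example with logger -p local3.info) and confirm that it appears only under the host directory named after the client's resolved address, not under any hostname the client chose to put in the message.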



