[syslog-ng] syslog.conf for Solaris box to send to Syslog-NG server

Stew Redfield Stew.Redfield at WellsREF.com
Tue Jul 5 18:50:29 CEST 2005 

Shane,
Here's my base /etc/syslog.conf for Solaris

# Push to loghost (/etc/hosts or DNS) [syslog-ng]
# syslog-ng handles prioritization/alerting
*.warn;*.alert;*.emerg;*.err;*.info		@loghost

# Keep mail annoyances local
mail.debug
/var/log/syslog.mail

# Keep consistency for debugging/console work
kern.notice;auth.notice				/dev/sysmsg 
kern.debug;daemon.notice;mail.crit		/var/adm/messages


When in doubt, be explicit (and syslog is m4 parsed so make sure the
tabs are really tabs...)

HTH,
Stew


-----Original Message-----
From: syslog-ng-bounces at lists.balabit.hu
[mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of Shane Presley
Sent: Tuesday, July 05, 2005 12:43 PM
To: syslog-ng at lists.balabit.hu
Subject: [syslog-ng] syslog.conf for Solaris box to send to Syslog-NG
server

Hello,

I have a syslog-ng centralized host, setup and working great.  My
routers and various other devices send their messages to it.

I'd like to have my Solaris servers send to it as well.  They run the
solaris syslog deamon, not syslog-ng.  I've included the syslog.conf
below for a server that we have doing this (forwarding logs).  But I
didn't set this up myself, and I'd like to understand the format.

The line that seems to forward the logs is 

# Send all messages to the logger
*.debug                                       @10.10.10.1
auth.notice                                  @10.10.10.1

Is that sending all syslog messages?  Basically we want anything that
would normally be logged to /var/adm/messages to go the log server as
well.  Does the above line only mean debug, or does that mean anything
debug or greater?

Thanks
Shane


# Copyright (c) 1991-1998 by Sun Microsystems, Inc.
# All rights reserved.
#
# syslog configuration file.
#
# This file is processed by m4 so be careful to quote (`') names
# that match m4 reserved words.  Also, within ifdef's, arguments
# containing commas must be quoted.
#
*.err;kern.notice;auth.notice                   /dev/sysmsg
*.err;kern.debug;daemon.notice;mail.crit        /var/adm/messages

*.alert;kern.err;daemon.err                     operator
*.alert                                         root

*.emerg                                         *

# Send all messages to the logger
*.debug                                         @10.10.10.1
auth.notice                                     @10.10.10.1

# if a non-loghost machine chooses to have authentication messages
# sent to the loghost machine, un-comment out the following line:
#auth.notice                    ifdef(`LOGHOST', /var/log/authlog,
@loghost)

mail.debug                      ifdef(`LOGHOST', /var/log/syslog,
@loghost)

#
# non-loghost machines will use the following lines to cause "user"
# log messages to be logged locally.
#
ifdef(`LOGHOST', ,
user.err                                        /dev/sysmsg
user.err                                        /var/adm/messages
user.alert                                      `root'
user.emerg                                      *
_______________________________________________
syslog-ng maillist  -  syslog-ng at lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html

More information about the syslog-ng mailing list