<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"><HTML DIR=ltr><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1"></HEAD><BODY><DIV><FONT face='Arial' color=#000000 size=2>Hello,</FONT></DIV>
<DIV><FONT face=Arial size=2>I've been working on setting up a syslog to do some
event per second calculations. I'm trying to log all information from a
host such as AIX or Linux to a single file. I can do this with the 'host'
option but I am having problems combining this with the local facility
option. I've been working with various iterations but here are the major
components:</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN lang=EN>
<P>options
{<BR>sync(0);<BR>time_reopen(10);<BR>log_fifo_size(1000);<BR>long_hostnames(off);<BR>use_dns(no);<BR>use_fqdn(no);<BR>create_dirs(yes);<BR>keep_hostname(yes);<BR>owner(root);</P>
<P>};</P>
<P>source s_sys {<BR> file ("/proc/kmsg" log_prefix("kernel:
"));<BR>unix-stream ("/dev/log");<BR>internal();<BR>udp(ip(0.0.0.0)
port(514));<BR>};</P>
<P>source s_net { udp(); };</P>
<P>And here is an example of the log definitions:</P><SPAN lang=EN>
<P>destination sw-089 { file("/var/log/sw-089.log"); };<BR>destination adm1r2 {
file("/var/log/adm1r2.log"); };</P><SPAN lang=EN>
<P>filter f_adm1r2 { host("172.16.148.60"); };<BR><SPAN lang=EN>filter f_sw-089
{ facility(local4); };</SPAN></P><SPAN lang=EN><SPAN lang=EN>
<P>log { source(s_sys); filter(f_sw-089); destination(sw-089); };<BR><SPAN
lang=EN>log { source(s_net); filter(f_adm1r2); destination (adm1r2); };</P>
<P>The facility locals seem to be working at all times, but the host does not...
any ideas or suggestions?</P>
<P> </P>
<P>Thanks,<BR>Dan</SPAN><BR></P></SPAN></SPAN></SPAN></SPAN></SPAN></FONT></DIV></BODY></HTML>