Remote logging and facility separation of incoming logs.
Salutations all,
I am attempting to set up a network log server for our Debian and RedHat servers. I can cause the other boxen to send the information to the log server. The log server receives the packets. However, I am having some difficulty separating the inbound packets by box and routing them to different files by facility. Any assistance would be appreciated.
T. Dean Tate
deant@stsi.net
UNIX Administration
SouthNet TeleComm
Man generally seeks wisdom only after all other options have been exhausted.
On Tue, Aug 31, 1999 at 10:40:44AM -0400, deant@stsi.net wrote:
Salutations all,
I am attempting to set up a network log server for our Debian and RedHat servers. I can cause the other boxen to send the information to the log server. The log server receives the packets. However, I am having some difficulty separating the inbound packets by box and routing them to different files by facility. Any assistance would be appreciated.
Instead of filtering based on facility, use the host() filter to sort messages belonging to different hosts to different destinations:
source s_net { udp(); };
filter f_host1 { host("host1"); };
destination d_host1 { file("/var/log/host1/messages"); };
log { source(s_net); filter(f_host1); destination(d_host1); };
--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
url: http://www.balabit.hu/pgpkey.txt
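The original question asked for separation by both host and facility. The configuration below is an added example, not part of the thread and not written by its participants, that combines the host() filter from the reply with facility filters. The host names and /var/log/<host>/ paths follow the thread; the filter and destination names are illustrative, and it assumes a syslog-ng version that accepts several filter() references in one log statement.

```conf
# Added example: route incoming UDP syslog by sending host AND facility.
# Names such as f_zeus and d_zeus_auth are hypothetical.

source net { udp(); };

# host() matches a regular expression against the hostname field.
# Anchor it, otherwise "zeus" would also match a host named "zeus2".
# Assumes clients report short host names, as in the thread.
filter f_zeus   { host("^zeus$"); };
filter f_apollo { host("^apollo$"); };

# Anything that is not one of the expected senders.
filter f_unknown { not host("^(zeus|apollo)$"); };

# Facility filters, shared by every host.
filter f_auth { facility(auth, authpriv); };
filter f_mail { facility(mail); };

destination d_zeus_auth   { file("/var/log/zeus/auth.log"); };
destination d_zeus_mail   { file("/var/log/zeus/mail.log"); };
destination d_apollo_auth { file("/var/log/apollo/auth.log"); };
destination d_apollo_mail { file("/var/log/apollo/mail.log"); };
destination d_unknown     { file("/var/log/unknown/messages"); };

# All filters listed in one log statement must match (logical AND),
# so each statement selects one host/facility pair.
log { source(net); filter(f_zeus);   filter(f_auth); destination(d_zeus_auth); };
log { source(net); filter(f_zeus);   filter(f_mail); destination(d_zeus_mail); };
log { source(net); filter(f_apollo); filter(f_auth); destination(d_apollo_auth); };
log { source(net); filter(f_apollo); filter(f_mail); destination(d_apollo_mail); };

# Keep messages from unexpected senders in their own file instead of
# dropping them. The hostname in a UDP syslog packet is supplied by the
# sender, so this file is worth reviewing.
log { source(net); filter(f_unknown); destination(d_unknown); };
```

Every filter, destination and log block ends with `};`, and a block left open makes the parser fail at a later line than the one containing the mistake.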
Date sent: Tue, 31 Aug 1999 22:53:02 +0200
From: Balazs Scheidler <bazsi@balabit.hu>
To: syslog-ng@venus.terrasoft.hu
Subject: Re: [syslog-ng] Remote loging and facility seperation of incoming logs.
Send reply to: syslog-ng@venus.terrasoft.hu
On Tue, Aug 31, 1999 at 10:40:44AM -0400, deant@stsi.net wrote:
Salutations all,
I am attempting to set up a network log server for our Debian and RedHat servers. I can cause the other boxen to send the information to the log server. The log server receives the packets. However, I am having some difficulty separating the inbound packets by box and routing them to different files by facility. Any assistance would be appreciated.
Instead of filtering based on facility, use the host() filter to sort messages belonging to different hosts to different destinations:
source s_net { udp(); };
filter f_host1 { host("host1"); };
destination d_host1 { file("/var/log/host1/messages"); };
log { source(s_net); filter(f_host1); destination(d_host1); };
-- Bazsi PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1 url: http://www.balabit.hu/pgpkey.txt
Thank You Sir, that appears to work well.
T. Dean Tate <> deant@stsi.net <> UNIX SYSADMIN
*************************************************************************
The Shreveport Times (August 19, 1999), points out that since 1993, 82 children have been killed in school shootings; 99 children have been killed in that same period by government-mandated airbags.
On Tue, Aug 31, 1999 at 10:40:44AM -0400, deant@stsi.net wrote:
Salutations all,
I am attempting to set up a network log server for our Debian and RedHat servers. I can cause the other boxen to send the information to the log server. The log server receives the packets. However, I am having some difficulty separating the inbound packets by box and routing them to different files by facility. Any assistance would be appreciated.
Instead of filtering based on facility, use the host() filter to sort messages belonging to different hosts to different destinations:
source s_net { udp(); };
filter f_host1 { host("host1"); };
destination d_host1 { file("/var/log/host1/messages"); };
log { source(s_net); filter(f_host1); destination(d_host1); };
I have upgraded to the 1.1.13 debian package. Using the schema above I receive "Starting system logging: parse error at 43". Here is a snip from my configuration file.
--- snip ---
# Syslog-ng program configuration option settings.
options { long_hostnames(off); sync(0); };
# Log stream setup.
source src { unix-stream("/dev/log"); internal(); };
source net { udp(); };
#####################################################################
#FILTER DEFINITIONS
# --- snip --- standard facility and level definitions --- snip ---
# host definition
filter f_zeus { host("zeus"); ##########ERROR AT THIS POINT<<<<<<<<<<<<<
filter f_apollo { host("apollo");
filter f_ren { host("ren");
filter f_mercury { host("mercury");
destination authlog { file("/var/log/scribe/auth.log"); };
destination zeus_authlog { file("/var/log/zeus/auth.log");
# --- snip --- ...etc,etc,etc for other log file destination descriptions. --- snip ---
# scribe local logging
log { source(src); filter(f_authpriv); destination(authlog); };
log { source(src); filter(f_syslog); destination(syslog); };
# --- snip --- ...etc,etc,etc for other logging statements. --- snip ---
I must be forming the host statement incorrectly. What do you think?
Eschew Esoteric Obfuscation
UNIX Administration
SouthNet TeleCom
deant@stsi.net
T. Dean Tate