Hi there, On Thu, 2 Nov 2006 Nick Baronian wrote:
Is there a way I can duplicate the name schema the remote box is using
I don't know exactly what you mean by that, and I do't think I'd know the answer if I did. :)
What I mean is if I have two boxes I want to log to this syslog-ng server, one is an old Unix box that is logging *.info;mail.none locally to /var/adm/syslog/syslog.log and the other is a RH Linux box that logs *.info;mail.none locally to /var/log/messages is there a way the remote syslog-ng server can be configured to write the *.info;mail.none for the Linux box to a messages file and for logs it receives from the Unix box to a syslog.log file?
That should be no problem at all, but I think you're going to have to knuckle down and read the documentation. You'd tell the two boxes to log to the logging server and create a few rules on the logging server which log to different places depending on which of the two boxes sent the log message. If I were doing it, I'd have the two boxes decide what to log and the logging server decide only where (which file) to log it in. Otherwise you might create a lot of network traffic which contained information that would be discarded by the logging server. You seem to attach some significance to the names of these logfiles. Is there a reason for that? -- 73, Ged.
Thanks for the help guys and sorry for my confusion. Ged - the logs on this server are needed for some semi non-technical (auditors) people who already have scripts that analyze logs off the different *Nix boxes. Since each script is tailored to each log/server my boss asked if I could make it easy on them and keep the same name schema as it is on the local servers. -Nick On 11/2/06, G.W. Haywood <ged@jubileegroup.co.uk> wrote:
Hi there,
On Thu, 2 Nov 2006 Nick Baronian wrote:
Is there a way I can duplicate the name schema the remote box is using
I don't know exactly what you mean by that, and I do't think I'd know the answer if I did. :)
What I mean is if I have two boxes I want to log to this syslog-ng server, one is an old Unix box that is logging *.info;mail.none locally to /var/adm/syslog/syslog.log and the other is a RH Linux box that logs *.info;mail.none locally to /var/log/messages is there a way the remote syslog-ng server can be configured to write the *.info;mail.none for the Linux box to a messages file and for logs it receives from the Unix box to a syslog.log file?
That should be no problem at all, but I think you're going to have to knuckle down and read the documentation. You'd tell the two boxes to log to the logging server and create a few rules on the logging server which log to different places depending on which of the two boxes sent the log message. If I were doing it, I'd have the two boxes decide what to log and the logging server decide only where (which file) to log it in. Otherwise you might create a lot of network traffic which contained information that would be discarded by the logging server.
You seem to attach some significance to the names of these logfiles. Is there a reason for that?
--
73, Ged. _______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
participants (2)
-
G.W. Haywood
-
Nick Baronian