Newbie question

My Goals (2)
To replace the current CentOS 5.x log server with a SL 6.x syslog-ng server.

***************************************
***************************************
Goal 1
To have all Linux servers log by the following:
All Linux servers are running either syslog or rsyslog
- Accept logs from Linux servers and separate them to
    messages.$YEAR$MONTH$DAY
    secure.$YEAR$MONTH$DAY
    maillog.$YEAR$MONTH$DAY
  messages can be a 'catchall'
==================
My success on Linux servers...
The mods in the syslog-ng.conf I have for Linux servers do work but catch everything.

***************************************
***************************************
Goal 2
To have all (Cisco) switches / routers log according to their current syslog settings
Current syslog server uses /etc/hosts to log the following.

Receive logging messages from network devices (Router/Switch/VPN) to 3 files
#based on priority
local4.err                      /var/log/NetLog/NetDeverr
local4.notice,local4.!err       /var/log/NetLog/NetDevnote
local4.=debug,local4.=info      /var/log/NetLog/NetDevdebug

#Receive logging messages from all other devices to 3 files based on priority
syslog.err                      /var/log/OtherLog/OthDeverr
syslog.notice,syslog.!err       /var/log/OtherLog/OthDevnote
syslog.=debug,syslog.=info      /var/log/OtherLog/OthDevdebug

#Receive logging messages from all wireless devices to 3 files based on priority
local3.err                      /var/log/NetLog/Wirelesserr
local3.notice,local3.!err       /var/log/NetLog/Wirelessnote
local3.=debug,local3.=info      /var/log/NetLog/Wirelessdebug

#Receive logging messages from all UPS's to 3 files based on priority
local5.err                      /var/log/UPSLog/UPSerr
local5.notice,local5.!err       /var/log/UPSLog/UPSnote
local5.=debug,local5.=info      /var/log/UPSLog/UPSdebug
***************************************

Thx for any pointers.
tk

---------------------
rsyslog is turned off
--
OS: Scientific Linux 6.2 (RHEL 6 clone)
--
#syslog-ng -V
syslog-ng 3.2.5
Installer-Version: 3.2.5
Revision: ssh+git://bazsi@git.balabit//var/scm/git/syslog-ng/syslog-ng-ose--mainline--3.2#master#9d4bea28198bd731df1a61e980a2af5b88d81116
Compile-Date: Jan 15 2012 19:52:28
Enable-Threads: on
Enable-Debug: off
Enable-GProf: off
Enable-Memtrace: off
Enable-Sun-STREAMS: off
Enable-IPv6: on
Enable-Spoof-Source: on
Enable-TCP-Wrapper: on
Enable-SSL: off
Enable-SQL: on
Enable-Linux-Caps: off
Enable-Pcre: on
Enable-Pacct: off
--
syslog-ng.conf (out of the box) with one change
create_dirs (yes);
---------------------
@version:3.2

# syslog-ng configuration file.
#
# This should behave pretty much like the original syslog on RedHat. But
# it could be configured a lot smarter.
#
# See syslog-ng(8) and syslog-ng.conf(5) for more information.
#

options {
    flush_lines (0);
    time_reopen (10);
    log_fifo_size (1000);
    long_hostnames (off);
    use_dns (no);
    use_fqdn (no);
    create_dirs (yes);
    keep_hostname (yes);
};

source s_sys {
    file ("/proc/kmsg" program_override("kernel: "));
    unix-stream ("/dev/log");
    internal();
    # udp(ip(0.0.0.0) port(514));
};

destination d_cons { file("/dev/console"); };
destination d_mesg { file("/var/log/messages"); };
destination d_auth { file("/var/log/secure"); };
destination d_mail { file("/var/log/maillog" flush_lines(10)); };
destination d_spol { file("/var/log/spooler"); };
destination d_boot { file("/var/log/boot.log"); };
destination d_cron { file("/var/log/cron"); };
destination d_kern { file("/var/log/kern"); };
destination d_mlal { usertty("*"); };

filter f_kernel    { facility(kern); };
filter f_default   { level(info..emerg) and
                        not (facility(mail)
                        or facility(authpriv)
                        or facility(cron)); };
filter f_auth      { facility(authpriv); };
filter f_mail      { facility(mail); };
filter f_emergency { level(emerg); };
filter f_news      { facility(uucp) or
                        (facility(news)
                        and level(crit..emerg)); };
filter f_boot      { facility(local7); };
filter f_cron      { facility(cron); };

## Begin Mods
source s_udp { udp( flags(no-parse) ); };# A UDP source
source s_tcp { tcp( flags(no-parse) ); };# A TCP source

###### Filter statements #######
### Linux logs
filter f_mailhost {host(172.25.85.41); };
filter f_merlin {host(172.25.45.10); };

###### Destination statements #######
destination d_linux_servers {file("/var/log/devices/linux_servers/$HOST/log.$YEAR$MONTH$DAY"); };

###### Log statements #######
### Linux servers
log {source(s_udp); filter(f_merlin); destination(d_linux_servers); };
log {source(s_udp); filter(f_mailhost); destination(d_linux_servers); };
---------------------
Thx
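
Added example, not part of the original post or of the syslog-ng project: one way to express the two goals above as syslog-ng 3.2 filters and ordered log paths. All ex_* names are hypothetical, the file paths reuse the ones quoted in the post, and it assumes `local4.notice,local4.!err` is meant as notice and warning only; the local3, local5 and syslog groups would follow the same three-filter pattern.

```conf
# Added example; every ex_* name is hypothetical.
# The source omits flags(no-parse): with no-parse the <PRI> header is not
# parsed, so facility() and level() filters cannot see the sender's values.
# UDP syslog is unauthenticated; limit who can reach port 514 with host
# firewall rules.
source ex_s_net { udp(ip(0.0.0.0) port(514)); tcp(ip(0.0.0.0) port(514)); };

# Goal 1: per-host, per-day files split by facility.
filter ex_f_auth { facility(authpriv); };
filter ex_f_mail { facility(mail); };
destination ex_d_secure {
    file("/var/log/devices/linux_servers/$HOST/secure.$YEAR$MONTH$DAY");
};
destination ex_d_maillog {
    file("/var/log/devices/linux_servers/$HOST/maillog.$YEAR$MONTH$DAY");
};
destination ex_d_messages {
    file("/var/log/devices/linux_servers/$HOST/messages.$YEAR$MONTH$DAY");
};

# Goal 2: network devices on local4, three files by priority.
filter ex_f_net_err   { facility(local4) and level(err..emerg); };
filter ex_f_net_note  { facility(local4) and level(notice..warning); };
filter ex_f_net_debug { facility(local4) and level(debug..info); };
destination ex_d_net_err   { file("/var/log/NetLog/NetDeverr"); };
destination ex_d_net_note  { file("/var/log/NetLog/NetDevnote"); };
destination ex_d_net_debug { file("/var/log/NetLog/NetDevdebug"); };

# flags(final) stops further processing of a message once it matches,
# so order matters: specific paths first, the catch-all last.
log { source(ex_s_net); filter(ex_f_net_err);   destination(ex_d_net_err);   flags(final); };
log { source(ex_s_net); filter(ex_f_net_note);  destination(ex_d_net_note);  flags(final); };
log { source(ex_s_net); filter(ex_f_net_debug); destination(ex_d_net_debug); flags(final); };
log { source(ex_s_net); filter(ex_f_auth);      destination(ex_d_secure);    flags(final); };
log { source(ex_s_net); filter(ex_f_mail);      destination(ex_d_maillog);   flags(final); };

# Catch-all ("messages"): whatever no earlier path claimed.
log { source(ex_s_net); destination(ex_d_messages); };
```

Running `syslog-ng --syntax-only` against the edited file checks the configuration before the daemon is restarted.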