logging to file and remote host
hi all,

I am not yet a syslog-ng user. I would like to know if it is possible to do what I want with standard syslogd and if not then with syslog-ng.

On HP-UX 11.00

I want to log messages to a file and to remote host.
Is that possible with syslogd?

I tried something like

    mail.* /var/adm/syslog/mail.log

and it works.

I tried

    mail.* @LOGHOST

and it works.

If I put both lines then only one is used.

How can I log to a file and also to LOGHOST?

If it is not possible with syslog and is possible with syslog-ng, then please let me know so I can continue the reading of the manuals.

best regards and thanks

Atif Ghaffar
Hi Atif,

Not sure on HP-UX but I can confirm that this works on Solaris and Linux.
I do something like:

    mail.* /var/log/maillog
    *.warn @loghost

HTH,
Harry
Harry Hoffman wrote:

> Hi Atif,
>
> Not sure on HP-UX but I can confirm that this works on Solaris and Linux.
> I do something like:
> mail.* /var/log/maillog
> *.warn @loghost
Hi Harry,

Thanks for the quick reply,

You are sending two entries to different destinations.

Can you do:

    mail.* /var/log/maillog
    mail.* @loghost

What we are trying to do is log everything locally as well as remotely. So if the remote server is down, the logs are locally present and if the server is compromised and the logs are deleted, there is still trace on syslog.

best regards
Hi Atif,

Ok, right. Sorry about that. I can't test the Uni setup right now but this quick test on my home Linux network seems to work (I don't have a Solaris box right now):

    /etc/syslog.conf
    ...
    mail.* /var/log/maillog
    mail.* @192.168.1.3

    # From test host
    # Cause it's not running a remote syslog server
    tcpdump -x -X -vvv dst host 192.168.1.3
    logger -p mail.info TEST MESSAGE

If I cat /var/log/maillog I see the "TEST MESSAGE" text. Also I can see the packets going to 192.168.1.3

HTH,
Harry

PS-> I don't know about you guys but for us that was a lot of logging which is why we tuned down what we were sending across the wire. Also, if making sure that you have logs on both the client and server then you may wish to use TCP transport (which would require syslog-ng on the client).
Atif,

On systems with non-broken syslogd you can even do more. This works just fine on my BSDi servers:

    *.err;kern.debug;auth.notice;mail.crit /dev/console
    *.notice;kern.debug;auth.info;mail.crit /var/log/messages
    mail.debug /var/log/maillog
    cron.info /var/log/cron
    local0.debug /var/log/proxynet
    local7.debug /var/log/ciscolog
    *.notice;auth.debug root
    *.emerg *
    kern.debug;auth.info @160.33.83.4
    mail.crit @160.33.83.4
    local0.crit @160.33.83.4
    local7.debug @160.33.83.4

Note kern.debug going to three places and local7.debug going to two in the same way (approximately) as you are using.

Len
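The local-plus-remote goal discussed in this thread can be audited mechanically from the configuration text. The Python sketch below is an added example, not code from any poster in the thread; it lists every destination a given facility and priority reaches and separates local files from remote hosts. It assumes classic BSD selector semantics (a priority matches itself and anything more severe), the function names are made up for illustration, and the sample input is Atif's two lines plus an excerpt of Len's configuration.

```python
# Added example; assumes BSD syslog.conf semantics, '=' and '!' extensions not handled.
PRIORITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
ALIASES = {"warn": "warning", "error": "err", "panic": "emerg"}

# Sample input: Atif's two lines and an excerpt of Len's config, both from the thread.
ATIF_CONF = "mail.*\t/var/adm/syslog/mail.log\nmail.*\t@LOGHOST\n"
LEN_CONF = """\
*.err;kern.debug;auth.notice;mail.crit  /dev/console
*.notice;kern.debug;auth.info;mail.crit /var/log/messages
mail.debug                              /var/log/maillog
local7.debug                            /var/log/ciscolog
*.emerg                                 *
kern.debug;auth.info                    @160.33.83.4
mail.crit                               @160.33.83.4
local7.debug                            @160.33.83.4
"""

def level(name):
    """Numeric severity: 0 is emerg, 7 is debug."""
    return PRIORITIES.index(ALIASES.get(name, name))

def selector_matches(selector, facility, priority):
    """True if 'facility.priority' is selected (that priority or more severe)."""
    matched = False
    for part in selector.split(";"):
        facs, _, pri = part.partition(".")
        if not {"*", facility} & set(facs.split(",")):
            continue
        if pri == "none":
            matched = False          # explicit exclusion of this facility
        elif pri == "*" or level(priority) <= level(pri):
            matched = True
    return matched

def destinations(conf, facility, priority):
    """Every action whose selector matches, in file order."""
    out = []
    for line in conf.splitlines():
        fields = line.split(None, 1)
        if len(fields) == 2 and not line.lstrip().startswith("#"):
            if selector_matches(fields[0], facility, priority):
                out.append(fields[1].strip())
    return out

def coverage(conf, facility, priority):
    """Split matches into local files and remote hosts; consoles and users are neither."""
    dests = destinations(conf, facility, priority)
    files = [d for d in dests if d.startswith("/") and not d.startswith("/dev/")]
    return {"file": files, "remote": [d for d in dests if d.startswith("@")]}
```

On the excerpt of Len's file, `coverage(LEN_CONF, "mail", "info")` returns a local file but no remote host, because only `mail.crit` is forwarded. The script reports what the file selects, not whether a particular syslogd honours duplicate selectors.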
participants (3)
- Atif Ghaffar
- Harry Hoffman
- Leonard Mills