first post - newbie question
Hi All,
Looking for good config example that: sets up syslog-ng as the central log server catching standard remote syslog hosts logs, placing them in hostname dirs, with all of the remote hosts' logfiles intact in the hostname dirs. Creating 'date' dirs above the hostname dirs would be sweet too.
I've been googling around, but can't really find what I'm after. Did see this, which is essentially what I want, but it seemed to be left unanswered. http://www.syslog.org/forum/syslog-ng/individual-files/
Thanks for any pointers to docs/samples you can give me.
Cheers, -C
Hi
2 sec of googling with "sample syslog-ng conf" and found http://www.campin.net/syslog-ng.conf
It uses a lot of useless conf, but from what I understood, you have to use the following destination structure:
    # set it up
    destination std {
        file("/var/log/HOSTS/$HOST/$YEAR/$MONTH/$DAY/$FACILITY_$HOST_$YEAR_$MONTH_$DAY"
             owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)
        );
    };
For the source & option structure, I'm sure you'll find some useful ones in this page.
:)
bye
2009/11/3 Christopher Barry <christopher.barry@rackwareinc.com>
Hi All,
Looking for good config example that: sets up syslog-ng as the central log server catching standard remote syslog hosts logs, placing them in hostname dirs, with all of the remote hosts' logfiles intact in the hostname dirs. Creating 'date' dirs above the hostname dirs would be sweet too.
I've been googling around, but can't really find what I'm after. Did see this, which is essentially what I want, but it seemed to be left unanswered. http://www.syslog.org/forum/syslog-ng/individual-files/
Thanks for any pointers to docs/samples you can give me.
Cheers, -C
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html
On Tue, 2009-11-03 at 16:33 +0100, fredzy padzy wrote:
Hi
2 sec of googling with "sample syslog-ng conf" and found http://www.campin.net/syslog-ng.conf
It uses a lot of useless conf, but from what I understood, you have to use the following destination structure:
    # set it up
    destination std {
        file("/var/log/HOSTS/$HOST/$YEAR/$MONTH/$DAY/$FACILITY_$HOST_$YEAR_$MONTH_$DAY"
             owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)
        );
    };
For the source & option structure, I'm sure you'll find some useful ones in this page.
:)
bye
2009/11/3 Christopher Barry <christopher.barry@rackwareinc.com>
Hi All,
Looking for good config example that: sets up syslog-ng as the central log server catching standard remote syslog hosts logs, placing them in hostname dirs, with all of the remote hosts' logfiles intact in the hostname dirs. Creating 'date' dirs above the hostname dirs would be sweet too.
I've been googling around, but can't really find what I'm after. Did see this, which is essentially what I want, but it seemed to be left unanswered. http://www.syslog.org/forum/syslog-ng/individual-files/
Thanks for any pointers to docs/samples you can give me.
Cheers, -C
Thank You Fredzy. I did read that, but it did not seem to be what I wanted. I will re-read this. Thanks for your help. -C
On Tue, 2009-11-03 at 15:27 +0000, Christopher Barry wrote:
Hi All,
Looking for good config example that: sets up syslog-ng as the central log server catching standard remote syslog hosts logs, placing them in hostname dirs, with all of the remote hosts' logfiles intact in the hostname dirs. Creating 'date' dirs above the hostname dirs would be sweet too.
    source s_remote { udp(); };
    destination df_catch_all {
        file("/storage/syslog/hosts/$HOST/$YEAR/$MONTH/$DAY/$FACILITY"
             owner(root) group(root) perm(0644) dir_perm(0755) create_dirs(yes)
        );
    };
    log { source(s_remote); destination(df_catch_all); };
This creates the date directories below the hostnames. (This is not a full config file, just a partial.)
Cheers,
--
Matt Zagrabelny - mzagrabe@d.umn.edu - (218) 726 8844
University of Minnesota Duluth
Information Technology Systems & Services
PGP key 1024D/84E22DA2 2005-11-07
Fingerprint: 78F9 18B3 EF58 56F5 FC85 C5CA 53E7 887F 84E2 2DA2
He is not a fool who gives up what he cannot keep to gain what he cannot lose. -Jim Elliot
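A fuller collector configuration built on the partial above, as an added example that is not from any poster in this thread or from the syslog-ng project. It assumes syslog-ng 3.x syntax and the /storage/syslog base path from the reply; the names s_remote_net and d_by_date_host and the listener settings are made up here. It puts the date directories above the hostname directories, as the original question asked, and uses the root-only permissions from the first reply.

```conf
@version: 3.0
# Added example (constructed). Set @version to the installed release.

options {
    # Take $HOST from the address the message arrived from instead of
    # the HOST field inside the message, so a client cannot pick its
    # own directory name on the collector.
    keep_hostname(no);
    # Keep $HOST a single name; chained relay names contain "/".
    chain_hostnames(no);
    # Directory names come from reverse DNS of the sender address.
    use_dns(yes);
    dns_cache(yes);
    create_dirs(yes);
};

source s_remote_net {
    udp(ip(0.0.0.0) port(514));
    tcp(ip(0.0.0.0) port(514) max-connections(100));
};

destination d_by_date_host {
    # $R_YEAR/$R_MONTH/$R_DAY are the collector's receive time, so the
    # date directory does not depend on the clock of the sending host.
    # Layout: <base>/<year>/<month>/<day>/<host>/<facility>.log
    file("/storage/syslog/$R_YEAR/$R_MONTH/$R_DAY/$HOST/$FACILITY.log"
         owner(root) group(root) perm(0600)
         dir_owner(root) dir_group(root) dir_perm(0700)
         create_dirs(yes));
};

log { source(s_remote_net); destination(d_by_date_host); };
```

With perm(0644) and dir_perm(0755) instead, every local account on the collector can read the collected logs.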
On Tue, 2009-11-03 at 09:36 -0600, Matt Zagrabelny wrote:
On Tue, 2009-11-03 at 15:27 +0000, Christopher Barry wrote:
Hi All,
Looking for good config example that: sets up syslog-ng as the central log server catching standard remote syslog hosts logs, placing them in hostname dirs, with all of the remote hosts' logfiles intact in the hostname dirs. Creating 'date' dirs above the hostname dirs would be sweet too.
source s_remote { udp(); };
destination df_catch_all { file("/storage/syslog/hosts/$HOST/$YEAR/$MONTH/$DAY/$FACILITY" owner(root) group(root) perm(0644) dir_perm(0755) create_dirs(yes) ); };
log { source(s_remote); destination(df_catch_all); };
This creates the date directories below the hostnames. (This is not a full config file, just a partial.)
Cheers,
Thanks Matt. I see the key is the destination definition and the final targeting of it. Much thanks for a clear answer. -C
participants (3)
- Christopher Barry
- fredzy padzy
- Matt Zagrabelny