[syslog-ng]logging to file and remote host

Harry Hoffman syslog-ng@lists.balabit.hu
Thu, 28 Aug 2003 21:27:19 -0400 

Hi Atif,

Ok, right. Sorry about that. I can't test the Uni setup right now but this quick
test on my home linux network seems to work (I don't have a Solaris box right now):

/etc/syslog.conf
...
mail.* /var/log/maillog
mail.* @192.168.1.3

# From test host
# Cause it's not running a remote syslog server
tcpdump -x -X -vvv dst host 192.168.1.3
logger -p mail.info TEST MESSAGE

If I cat /var/log/maillog I see the "TEST MESSAGE" text. Also I can see the
packets going to 192.168.1.3

HTH,
Harry

PS-> I don't know about you guys but for us that was alot of logging which is
why we tuned down what we were sending across the wire.
Also, if making sure that you have logs on both the client and server than you
may wish to use TCP transport (which would require syslog-ng on the client).


Quoting Atif Ghaffar <aghaffar@developer.ch>:

*> Harry Hoffman wrote:
*> 
*> > Hi Atif,
*> >
*> > Not sure on HP-UX but I can confirm that this works on Solaris and Linux.
*> > I do something like:
*> > mail.* /var/log/maillog
*> > *.warn @loghost
*> 
*> 
*> Hi Harry,
*> 
*> Thanks for the quick reply,
*> 
*> You are sending two entries to different destinations.
*> 
*> Can you do:
*> mail.* /var/log/maillog
*> mail.* @loghost
*> 
*> 
*> What we are trying to do is log everything localy as well as remotely.
*> So if the remote server is down, the logs are localy present and
*> if the server is compromised and the logs are deleted, there is still
*> trace on syslog.
*> 
*> best regards
*> 
*> 
*> 
*> _______________________________________________
*> syslog-ng maillist  -  syslog-ng@lists.balabit.hu
*> https://lists.balabit.hu/mailman/listinfo/syslog-ng
*> Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
*> 
*> 


-- 
Harry Hoffman
hhoffman@ip-solutions.net

STANDARD DISCLAIMER:
**********************************************
*This universe shipped by weight, not volume.*
*Some expansion may have occured in shipping.*
**********************************************


-------------------------------------------------
This mail sent through IpSolutions: http://www.ip-solutions.net/