[syslog-ng] Re: logs written twice
Nick Baronian
kvetch at gmail.com
Thu Nov 2 14:47:42 CET 2006
Thanks for the help guys and sorry for my confusion.
Ged - the logs on this server are needed for some semi non-technical
(auditors) people who
already have scripts that analyze logs off the different *Nix boxes.
Since each script is tailored to each log/server my boss asked if I
could make it easy on them and keep the same name schema as it is on
the local servers.
-Nick
On 11/2/06, G.W. Haywood <ged at jubileegroup.co.uk> wrote:
> Hi there,
>
> On Thu, 2 Nov 2006 Nick Baronian wrote:
>
> > > > Is there a way I can duplicate the name schema the remote box is using
> > >
> > > I don't know exactly what you mean by that, and I do't think I'd know
> > > the answer if I did. :)
> >
> > What I mean is if I have two boxes I want to log to this syslog-ng
> > server, one is an old Unix box that is logging *.info;mail.none
> > locally to /var/adm/syslog/syslog.log and the other is a RH Linux box
> > that logs *.info;mail.none locally to /var/log/messages is there a way
> > the remote syslog-ng server can be configured to write the
> > *.info;mail.none for the Linux box to a messages file and for logs it
> > receives from the Unix box to a syslog.log file?
>
> That should be no problem at all, but I think you're going to have to
> knuckle down and read the documentation. You'd tell the two boxes to
> log to the logging server and create a few rules on the logging server
> which log to different places depending on which of the two boxes sent
> the log message. If I were doing it, I'd have the two boxes decide
> what to log and the logging server decide only where (which file) to
> log it in. Otherwise you might create a lot of network traffic which
> contained information that would be discarded by the logging server.
>
> You seem to attach some significance to the names of these logfiles.
> Is there a reason for that?
>
> --
>
> 73,
> Ged.
> _______________________________________________
> syslog-ng maillist - syslog-ng at lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
>
>
More information about the syslog-ng
mailing list