[syslog-ng] how to push sulogs/utmpx/wtmpx to central logserver

Hendrik Visage hvjunk at gmail.com
Thu Mar 31 20:52:40 CEST 2011


On Thu, Mar 31, 2011 at 3:10 PM, Tony MacDoodle <tpsdoodle at gmail.com> wrote:
> Hello All,
>
> I would like to push only the following log files to a central syslog-ng
> server. All clients are Solaris 10 and the syslog-ng server is also Solaris
> 10. Is it possible to push only this information?
>
> wtmpx

This file DOES grow, but it's a binary file. Refer to wtmpx/utmpx(5).
You would most probably need to write some C program to check for
changes, then read the last entry (or search for the changed entry, as
I might be wrong, but I understood it to be changing the previous entry
when a user logs out, rather than adding a new entry).

> utmpx
This is a state file more than anything else: the currently logged-in
users. It doesn't grow, other than to the size of (number of logged-in
users)*sizeof(struct utmpx), as defined in <utmpx.h>
(refer to endutxent(3) and utmpx(5)).
Thus, to log this, you'll be duplicating the wtmpx logging, as changes
to that affect changes to this file.
> sulog
This is "easy", as has been explained.
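
As an added example (not part of the original post or of syslog-ng), here is a small C forwarder for the wtmpx case discussed above: it reads records through the getutxent(3) API, formats logins and logouts with non-visible bytes replaced so a hostile host or user field cannot inject log lines, and hands them to local syslog for syslog-ng to relay. It assumes logouts appear as appended DEAD_PROCESS records and that utmpxname() points the API at /var/adm/wtmpx on Solaris; `clean`, `fmt_utx` and `forward_new` are hypothetical names.

```c
/* Added example, not from the post; assumes logouts are appended as DEAD_PROCESS. */
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <syslog.h>
#include <utmpx.h>
static void clean(char *dst, size_t dn, const char *src, size_t sn)
{
    size_t i;   /* utmpx fields are fixed-width and may lack a NUL */
    for (i = 0; i < sn && i + 1 < dn && src[i] != '\0'; i++)
        dst[i] = isgraph((unsigned char)src[i]) ? src[i] : '?'; /* no CR/LF */
    dst[i] = '\0';
}
/* Format a login or logout record; returns 0 for other record types. */
int fmt_utx(const struct utmpx *u, char *out, size_t n)
{
    char user[64], line[64], host[300];
    const char *ev = u->ut_type == USER_PROCESS ? "login"
                   : u->ut_type == DEAD_PROCESS ? "logout" : NULL;
    if (ev == NULL) return 0;
    clean(user, sizeof user, u->ut_user, sizeof u->ut_user);
    clean(line, sizeof line, u->ut_line, sizeof u->ut_line);
    clean(host, sizeof host, u->ut_host, sizeof u->ut_host);
    snprintf(out, n, "wtmpx %s user=%s line=%s host=%s pid=%ld time=%ld",
             ev, user, line, host, (long)u->ut_pid, (long)u->ut_tv.tv_sec);
    return 1;
}
/* Skip `seen` records sent earlier, send the rest; a shorter file = rotation. */
size_t forward_new(size_t seen)
{
    struct utmpx *u;
    size_t idx = 0;
    char msg[512];
    setutxent();
    while ((u = getutxent()) != NULL)
        if (idx++ >= seen && fmt_utx(u, msg, sizeof msg))
            syslog(LOG_AUTH | LOG_INFO, "%s", msg);
    endutxent();
    return (idx < seen) ? forward_new(0) : idx;
}
int main(int argc, char **argv)
{
#ifdef __sun
    utmpxname("/var/adm/wtmpx");  /* Solaris: read the history file, not utmpx */
#endif
    printf("%lu\n", (unsigned long)forward_new(
               argc > 1 ? strtoul(argv[1], NULL, 10) : 0));
    return 0;
}
```

The program prints the record count it reached; a periodic job would store that number and pass it back as the first argument on the next run.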
