Syslog Question (Receiving Remote Logs).

NICK linickx at gmail.com
Wed Jan 26 10:41:18 UTC 2005


Thanks for your suggestions people,

I think syslog_ng is the way forward :)

rgds
Nick

On Mon, 24 Jan 2005 18:20:41 -0600, Tim Sheets
<tsheetspublic at insightbb.com> wrote:
> [NICK] wrote:
> 
> > Hi,
> > I'm having trouble finding what I need... :-(
> >
> > Does anyone know if it's possible to take incoming logs and write
> > different files for different sources?
> >
> > e.g. I have a Firewall, Mail Server & File Server. I've set up the
> > file server to receive logs from the firewall & mail server (using
> > @fileserver in syslog.conf).
> >
> > All logs from these two machines then get written into
> > /var/log/messages on the file server.
> >
> > What I'd rather have is /var/log/firewall.log &
> > /var/log/mailserver.log .... and leave /var/log/messages for _only_
> > the fileserver messages.
> 
> 
> I'm not sure how to tell the other machine's logging processes to use a
> specific facility, but if you can find out how to specify that, once
> they're tagged with a specific facility, you can set up the syslog
> server's configuration to send those facilities to a separate log file.
> 
> Another alternative that I have played with is syslog-ng.  It's a
> syslogd/klogd replacement with many options on breaking out log files
> (host name, IP, facility, date, etc....)
> 
> http://www.balabit.com/products/syslog_ng/
> 
> HTH,
> 
> Tim
>
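
An added example, not part of the original thread and not taken from the syslog-ng documentation: a syslog-ng configuration on the file server that writes one file per remote sender, as the question asks. The sender addresses (192.0.2.10, 192.0.2.20), the object names and the remote-unknown.log path are assumptions; senders are matched on source address with netmask() because plain UDP syslog is unauthenticated and the hostname inside a message is chosen by whoever sent it.

```conf
# Recent syslog-ng releases also require an "@version: X.Y" line at the top;
# set it to the installed version.

options {
    keep_hostname(no);   # take HOST from the sender's address, not from the message text
};

# Local messages of the file server itself (classic Linux layout; adjust per platform).
source s_local { unix-stream("/dev/log"); internal(); };

# Remote messages sent by the other machines via "@fileserver" in their syslog.conf.
source s_net { udp(ip(0.0.0.0) port(514)); };

# One filter per sender, keyed on source IP (constructed example addresses).
filter f_firewall   { netmask("192.0.2.10/32"); };
filter f_mailserver { netmask("192.0.2.20/32"); };

destination d_messages   { file("/var/log/messages"); };
destination d_firewall   { file("/var/log/firewall.log"); };
destination d_mailserver { file("/var/log/mailserver.log"); };
# Assumed path: anything arriving from an address not listed above.
destination d_unknown    { file("/var/log/remote-unknown.log"); };

# /var/log/messages receives only the file server's own messages.
log { source(s_local); destination(d_messages); };

# Each known sender goes to its own file.
log { source(s_net); filter(f_firewall);   destination(d_firewall); };
log { source(s_net); filter(f_mailserver); destination(d_mailserver); };

# Remote messages matched by no other log statement end up here,
# so unexpected senders are visible instead of silently dropped.
log { source(s_net); destination(d_unknown); flags(fallback); };
```

Restricting UDP port 514 on the file server to the two known senders at the packet filter reduces what can reach the fallback file in the first place.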