LinuxQuestions.org

mousa535 01-10-2011 11:38 PM

How To Make All Logs To Go To a Specific File
 
Hi All,

I successfully configured a syslog server on RHEL 5.5 to collect logs from HP-UX servers and Cisco devices, but my problem is that when I create log files on the syslog server for each server and router, I see all logs of the HP-UX servers and Cisco devices in each log file I created on the syslog server.

And see below for all configuration.
==============================
First On Client Server Ex. HP-UX Server
Hostname: ruxdb02
IP Address: 10.8.1.51
==============================
1. Log in as root

# more /etc/syslog.conf

# syslogd configuration file.
#
# See syslogd(1M) for information about the format of this file.
#
mail.debug /var/adm/syslog/mail.log
*.info;mail.none /var/adm/syslog/syslog.log
*.alert /dev/console
*.alert root
*.emerg *
*.debug<tab>@10.15.1.5

# more /etc/hosts

10.15.1.5 syslog

# /sbin/init.d/syslogd stop
# syslogd -v
# kill -HUP `cat /etc/syslog.pid`
# /sbin/init.d/syslogd start
==============================
Second On Syslog Server
Hostname: syslog
IP Address: 10.15.1.5
==============================
1. vi /etc/sysconfig/syslog

2. Change:
SYSLOGD_OPTIONS="-m 0"

To:
SYSLOGD_OPTIONS="-m 0 -r -x"

3. Restart the syslogd daemon

# /etc/init.d/syslog restart

And then you receive all logs in

/var/log/messages

4. And when I want to put all logs from different systems (Unix, Windows, Cisco) into separate files on the Red Hat syslog server

On the syslogd server - add for every client (UNIX, Windows, Cisco Devices)
in /etc/syslog.conf

# touch /var/log/ruxdb02.log
# touch /var/log/ruxdb01.log

# vi /etc/syslog.conf

+ruxdb02
*.* /var/log/ruxdb02.log

+ruxdb01
*.* /var/log/ruxdb01.log


Restart the syslog daemon (after every edit to /etc/syslog.conf).
# /etc/init.d/syslog restart
==============================

After that I can now see all logs of ruxdb02 in all the files I created, or in any file that will be created under /var/log.

/var/log/ruxdb02.log
/var/log/ruxdb01.log
/var/log/messages

Note:
# rpm -q --whatprovides syslog
sysklogd-1.4.1-46.el5


How can I solve this problem and make all logs go to a specific file?

or

What are the correct configuration lines on the syslog server to make all logs go to a specific file?

Thanks and Best Regards

Russ 11-14-2012 05:59 PM

Hello, did you ever get any response to this or figure out how it should be done? I am looking to do exactly the same thing.

Thanks,

Russ

linosaurusroot 11-20-2012 09:11 AM

Can you describe better what you are trying to do? If you want different kinds of log messages in different files, create more selective rules on your central syslog machine. *.* or *.debug is the least selective thing possible.

Show a few lines of each type if you can.

Russ 11-21-2012 08:42 AM

Quote:

Originally Posted by linosaurusroot (Post 4833301)
Can you describe better what you are trying to do? If you want different kinds of log messages in different files, create more selective rules on your central syslog machine. *.* or *.debug is the least selective thing possible.

Show a few lines of each type if you can.

I have a server that I want to use as a syslog server for a number of Cisco devices. I can get it running and accumulate the syslog data but I would like each device to log to its own file. The object here is to be able to go directly to a specific file in the logging directory and see all of the messages for that device. I have made something I thought was going to work based on a syslog.conf example I found with a web search but...all of the device logs wound up in the same file. I believe that the syslog data has the IP address and the hostname in each message so "grep" would work but I believe that using separate files is a better solution.

I'll try to get some examples of what I found and post them later and the logging devices are Cisco routers, switches and firewalls. I am using sysklogd as the logging daemon but I am open to suggestions.

Thanks for the reply and in advance for any assistance you can render,

Russ

unSpawn 11-21-2012 09:09 AM

Quote:

Originally Posted by Russ (Post 4834056)
(..) I would like each device to log to its own file. (..) I am using sysklogd as the logging daemon but I am open to suggestions.

Both Rsyslogd and Syslog-ng offer templates and filtering. "Old school" syslogd does not.
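
Added example, not posted by anyone in this thread: a per-sender split of the kind the reply above points to, written in rsyslog's legacy directive syntax. The address 10.8.1.51 and the name ruxdb02 come from the first post; the /var/log/remote/ directory and the PerHostFile template name are assumptions.

```conf
# /etc/rsyslog.conf fragment (added example, legacy rsyslog directive syntax)

# Accept remote syslog over UDP 514, the rsyslog counterpart of sysklogd's "-r"
$ModLoad imudp
$UDPServerRun 514

# Fixed file for one known sender, matched on the source address.
# 10.8.1.51 is ruxdb02 in the first post.
:fromhost-ip, isequal, "10.8.1.51"    /var/log/ruxdb02.log
# "& ~" discards what the previous rule matched, so it does not also land in
# /var/log/messages (rsyslog 7 and later spell this "& stop")
& ~

# Every other remote sender gets a file named after its source address.
# /var/log/remote/ is an assumed directory; create it before restarting.
# Local inputs report 127.0.0.1 in fromhost-ip, so they skip this rule.
$template PerHostFile,"/var/log/remote/%fromhost-ip%.log"
:fromhost-ip, !isequal, "127.0.0.1"   ?PerHostFile
& ~

# Local rules (e.g. *.info;mail.none ... /var/log/messages) follow from here
```

The file name is keyed on the source address rather than the hostname field because the hostname is text supplied by the sender. Over UDP the source address is not authenticated either, so the split is a reading convenience, not proof of origin.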

