syslog vs syslog-ng

XaViaR · 06-14-2005, 10:56 AM

Hello,

I am trying to create a syslog server. I am using SLES 9.0, and I would like create a syslog server that accepts incoming syslogs; however, I would like them appended to their own folder. For example, if 192.168.1.1 is my syslog server, and 192.168.1.5 is a client. I would like to write 192.168.1.5 logs to 192.168.1.1 --> to the following directory: /var/log/syslog/192.168.1.5/{all the logs go here}

My question to you is how do I do this?? :-) Is syslog able to do this? Or is this just a feature within syslog-ng?

-X

If my example is not clear, please post and I will verify any questions. Thanks!!

acid_kewpie · 06-14-2005, 12:35 PM

looks pretty simple:

http://sial.org/howto/logging/syslog-ng/

just use $HOST in the destination name.

(please try to reply to posts if they help you btw... it's only polite)

daly1 · 06-14-2005, 12:56 PM

Nope, that is something only available with syslog-ng.

acid_kewpie · 06-14-2005, 02:44 PM

hmm.. helps to fully read the question. yeah .. syslog-ng only. that's what's so -ng'y about it.

daly1 · 06-14-2005, 08:17 PM

acid_kewpie, I did read it. I was answering, got called into a meeting, came back, pressed post, the page refreshed, I saw your post, felt silly, then you made it even worse LOL

XaViaR · 06-15-2005, 08:46 AM

Thank you for all your help!!! :-) I will post a replay once I get everything working!

XaViaR · 06-15-2005, 11:42 AM

Do you think that you can paste your syslog-ng.conf.ini file, so I can see where exactly to add $HOST.

Thanks,

acid_kewpie · 06-16-2005, 03:53 PM

i've never done it myself, but that link gives all the exmaples you'd need, e.g.

Code:

destination messages {
file("/var/log/archive/messages/$R_YEAR/$R_MONTH/$R_YEAR-$R_MONTH-$R_DAY"
template("$ISODATE <$FACILITY.$PRIORITY> $HOST $MSG\n")
template_escape(no)
);
};

oneandoneis2 · 06-16-2005, 04:28 PM

I never got on with syslog-ng. I found metalog a lot easier to configure.

XaViaR · 06-17-2005, 09:15 AM

Thank you for all of your help! :-)

Below is how I installed and configured syslog-ng to run under SLES 9.0...

1. I installed syslog-ng from Yast, and installed updates.
2. I downloaded the syslog-ng "expanded sample syslog-ng conf file" from http://www.campin.net/syslog-ng/expanded-syslog-ng.conf
3. I replaced /etc/syslog-ng/syslog-ng.conf with the "expanded sample syslog-ng conf file."
4. By default, the expanded syslog-ng file uses tcp on port 4800. However, if you would like to change it to use upd on port 514. Then replace this lines:
source s_tcp
{ tcp(port(4800) keep-alive(yes) max_connections(100)); };

with this line:
source s_udp
{ udp(port(514)); };
5. Search the syslog-ng file for s_tcp and replace ALL of them with s_udp (except the commented ones) :-)
6. Edit /etc/sysconfig/syslog and change the following line to read: SYSLOG_DAEMON="syslog-ng"
7. Restart the service!

I hope this helps someone! :-)

-X

P.S.
Thanks again for all your help!