LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Server (https://www.linuxquestions.org/questions/linux-server-73/)
-   -   How can we config to display facility/priority column in syslog output (RHELAS 4) (https://www.linuxquestions.org/questions/linux-server-73/how-can-we-config-to-display-facility-priority-column-in-syslog-output-rhelas-4-a-638570/)

LiXin 04-29-2008 01:32 AM
How can we config to display facility/priority column in syslog output (RHELAS 4)
 
Dear Buddys,
I'm using a Linux RedHat AS 4.4 as a syslog server to receive AIX & HPUX servers's syslog, However, I can not see the facility & priority column displayed in syslog output file of linux syslog. Event I can put the information with different priority into different files by config /etc/syslog.conf.
As we know in HPUX, there is a parameter for syslogd (-v) to display the facility & priority code, by default, AIX syslog will display these two columns.
Just want to know if there is any Linux syslogd switch which can open the facility & priority displaying ?


AIX example:
Apr 24 19:32:49 pg_mi_tr1 auth|security:notice su: from root to tivoli at /dev/pts/0
Apr 24 19:32:53 pg_mi_tr1 auth|security:notice su: from root to tivoli at /dev/pts/0
Apr 24 19:32:55 pg_mi_tr1 auth|security:crit su: BAD SU from tivoli to root at /dev/pts/0


HPUX example:
Apr 1 16:05:19 6E:xc10000 sshd[15747]: Did not receive identification string from UNKNOWN
Apr 1 18:19:34 6V:xc10000 ftpd[19078]: FTP LOGIN FROM 134.98.105.112 [134.98.105.112], root
Apr 1 18:20:27 6V:xc10000 ftpd[19078]: FTP session closed

However,in RHEL:
Mar 31 19:34:43 134.96.70.22 nisd[790]: _svcauth_des: invalid timestamp received from unix.xc10000@LJ.net
Mar 31 19:34:44 134.96.70.22 ftpd[15058]: pam_authenticate: Authentication failed
Mar 31 19:34:44 134.96.70.22 ftpd[15058]: User root: Login incorrect

rgerhards 04-29-2008 06:43 AM
You can not do this with sysklogd which ships wiht RH AS 4.4. I suggest that you have a look at rsyslog - http://www.rsyslog.com - this is the default syslogd on Fedora 8+ and has recently been brought to RHEL 5.2. and, ummm, I am the author - so there is certain bias ;)

Rainer

LiXin 04-29-2008 11:31 AM
Dear rgerhards, appreciate for your advice, I'm taking look at rsyslog,
Does version 3.17.1 support to deploy to REHL AS 4.4 ?

rgerhards 04-30-2008 01:10 AM
Hi, I have seen that you managed to install rsyslog (via post on the rsyslog forum). But for all others: I do not provide RPMs myself (lack of know how on so many platforms), but there are packages available for most platforms. rsyslog also has an installation guide on how to install it from source, available right from the web site:

http://www.rsyslog.com/doc-install.html

HTH
Rainer

LiXin 04-30-2008 11:03 AM
Yes, I've successful got the priority recorded via rsyslog. It's really a powerful and flexible toolkit. Many thanks for your help.

btw: I used to encounter that rsyslogd keep consuming a high cpu usage, after restarting the rsyslog daemon, it return to normal status. I'm not sure what happened at that time. Anyway I'll report to rsyslog forum if the problem can be identified.

LiXin 04-30-2008 11:09 AM
hmm... Is there any problem with rsyslog home page?
always show "404 - Document Not Found! " for most links.


All times are GMT -5. The time now is 08:16 AM.