LinuxQuestions.org
12-17-2008, 11:15 AM   #1
OlRoy
Member
 
Registered: Dec 2002
Posts: 304

Rep: Reputation: 86
Sending 3rd party logs to remote syslog server


Hey guys, I have a couple questions...

1. Is it possible to send 3rd party application logs like webmin.log to a remote logging server using syslog or syslog-ng if that 3rd party software doesn't officially support syslog messages?

2. I have the client using regular syslog and the server using syslog-ng with the following config, which works for sending firewall logs to firewall.log.

Code:
source sf_source { udp (); };
destination df_destination { file("/var/log/$HOST/firewall.log"); };
filter f_firewall { host( "192.168.127.131" ) and match(".*kernel.*(INBOUND|OUTBOUND)"); };
log { source ( sf_source ); filter( f_firewall ); destination ( df_destination ); };
However, firewall logs are the only logs I'm getting from that host. What's the easiest way to also get all other system logs to the same /var/log/$HOST folder with the appropriate log name such as auth.log, messages, mail.log, etc.?
 
12-21-2008, 09:45 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,666
Blog Entries: 54

Rep: Reputation: 2953
Quote:
Originally Posted by OlRoy
Is it possible to send 3rd party application logs like webmin.log to a remote logging server using syslog or syslog-ng if that 3rd party software doesn't officially support syslog messages?
With Syslog-ng you should be able to use "source s_file { file("/path/to/logfile"); };"


Quote:
Originally Posted by OlRoy
However, firewall logs are the only logs I'm getting from that host.
Maybe because you're using a filter of "match(".*kernel.*(INBOUND|OUTBOUND)")"?


Quote:
Originally Posted by OlRoy
What's the easiest way to also get all other system logs to the same /var/log/$HOST folder with the appropriate log name such as auth.log, messages, mail.log, etc.?
How does syslog determine what messages go where? (facility.priority) What types of corresponding filters do you have in Syslog-ng?
 
12-24-2008, 01:35 PM   #3
OlRoy
Member
 
Registered: Dec 2002
Posts: 304

Original Poster
Rep: Reputation: 86
unSpawn, thanks for the answer to the first question; I'll use syslog-ng on the client as well. As for the second, I've spent some more time messing around with syslog-ng, and this config seems to do what I want.

Code:
###IPTable logs go to iptables.log###

# all known message sources
source s_all {
        # message generated by Syslog-NG
        internal();
        # standard Linux log source (this is the default place for the syslog()
        # function to send logs to)
        unix-stream("/dev/log");
        # messages from the kernel
        file("/proc/kmsg" log_prefix("kernel: "));
        # use the following line if you want to receive remote UDP logging messages
        # (this is equivalent to the "-r" syslogd flag)
        udp();
};

destination iptables {
        file("/var/log/HOSTS/$HOST/iptables.log"); };

filter f_iptables { host( "192.168.127.131" ) and match(".*kernel.*(INBOUND|OUTBOUND)"); };

log {
        source(s_all);
        destination(iptables);
        filter(f_iptables);
};


###Everything but IPTable logs goes to $FACILITY.log###
destination dst {
        file ("/var/log/HOSTS/$HOST/$FACILITY.log"); };
filter f_noiptables { not match(".*kernel.*(INBOUND|OUTBOUND)"); };
log {
        source(s_all);
        destination(dst);
        filter(f_noiptables);
};
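
A client-side counterpart to the configs above, using the file() source suggested in post #2 to pick up webmin.log and forward it to the central server. This is an added example, not part of the original posts: the names s_local, s_webmin, d_loghost, f_webmin and d_webmin, the path /var/webmin/webmin.log and the server address 192.0.2.10 are all assumptions.

```conf
# Added example: client-side syslog-ng.conf in the same syntax generation
# as the configs posted in this thread. Paths and addresses are assumptions.

# Local syslog traffic on the client (the s_all sources above, minus udp()).
source s_local {
        internal();
        unix-stream("/dev/log");
        file("/proc/kmsg" log_prefix("kernel: "));
};

# Tail the application's own log file. The path is an assumed location for
# webmin.log; log_prefix() tags each line the same way the thread's config
# tags kernel messages, so the server can recognise the program name.
source s_webmin {
        file("/var/webmin/webmin.log" follow_freq(1) log_prefix("webmin: "));
};

# Forward everything to the central server (placeholder address).
destination d_loghost { udp("192.0.2.10" port(514)); };

log { source(s_local);  destination(d_loghost); };
log { source(s_webmin); destination(d_loghost); };

# Server side: optional extra rule giving the forwarded lines their own file
# next to iptables.log. The $FACILITY.log rule above still receives them too.
filter f_webmin { program("webmin"); };
destination d_webmin { file("/var/log/HOSTS/$HOST/webmin.log"); };
log { source(s_all); filter(f_webmin); destination(d_webmin); };
```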
 
12-24-2008, 07:06 PM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,666
Blog Entries: 54

Rep: Reputation: 2953
Thanks for posting back your config wrt facility usage, much appreciated.
 
  

