Customizing syslog
I am running iMail 8.02 for a mail server. iMail is set up to send the mail log to *.info when logging to an external syslog host. I would like to set it up to log the mail information to another log facility to make the logs more manageable. I have searched Google and message boards for a way to configure syslog to filter out specific hosts from one log and enter them into another log file, but I have not found a solution. If someone can help me out with this I would greatly appreciate it. I am running RH 7 if that helps.
Thanks for any help you can provide on this. George
I suppose it all comes down to what syslog you use. I use syslog-ng and it provides ample resources for customizing. Here is a good primer from LinuxJournal's security expert Mick Bauer.
Håkan
Thanks, Håkan, for your reply. It does not quite answer what I need to do, though. What I need to do is log different hosts to different log files—even if the hosts all send on the same facility.
As for what syslog we are using, it is just the one that comes standard with RH7. I hope this helps out more on what I am looking to do. Thanks again, George
I assume the syslog in Redhat 7 is syslog-ng, as this is the most widely used syslog nowadays. Host-based differentiation is pretty common with syslog servers (ones that keep logs for several different systems). Have a look at the example below.
Code:
options { long_hostnames(on); sync(0); };
Håkan
I'm also trying to get my syslog to redirect logs to different files. What was the final outcome here? Was anyone able to edit configurations to redirect certain entries to places other than, say, messages?
Yes, but it's not really easy before you get used to it. Here is the syslog-ng.conf I use on my laptop:
Code:
options {
Håkan
Thanks for the help. I'm also running RH 7. However, I have no syslog-ng.conf file; I just have a regular syslog.conf file. It looks like this:
Code:
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                                 /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none                /var/log/messages

# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure

# Log all the mail messages in one place.
mail.*                                                  /var/log/maillog

# Log cron stuff
cron.*                                                  /var/log/cron

# Everybody gets emergency messages
*.emerg                                                 *

# Save news errors of level crit and higher in a special file.
uucp,news.crit                                          /var/log/spooler

# Save boot messages also to boot.log
local7.*                                                /var/log/boot.log

Will your config file example "work" at all like mine would? Or am I to start looking for other examples with other syntax, or that work and redirect logs completely differently? Sorry, I don't know enough about this. I haven't really ever gotten into watching and/or tweaking any system logs before.
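The syslog.conf above is the stock RH 7 syslogd (sysklogd) format, whose selectors are facility.priority only: there is no way to express "messages from host X" in it, so per-host files need syslog-ng or similar. What it can do is separate traffic by facility, which is the original poster's other option. The following is an added example, not a config posted in this thread; it assumes the iMail host can be pointed at facility local0 instead of *.info (an assumption about iMail, not something the thread states) and that the log path /var/log/imail.log is acceptable.

```conf
# Added example (not from this thread): /etc/syslog.conf for the stock RH 7
# syslogd (sysklogd). Selectors are facility.priority only, so remote hosts
# cannot be split into separate files here; traffic is separated by facility.
# Assumption: the iMail host is configured to send on local0 instead of *.info.
#
# Remote reception is off by default. To accept it, set
#   SYSLOGD_OPTIONS="-r"   in /etc/sysconfig/syslog
# and restart syslogd. That opens 514/udp with no authentication at all, so
# restrict the port at the host firewall to the senders you expect.
#
# Selector and action are separated by tabs or spaces (very old syslogd
# releases insisted on tabs).

# Everything of level info or higher, minus the facilities that get their own
# file. local0.none keeps the iMail traffic out of /var/log/messages.
*.info;mail.none;authpriv.none;cron.none;local0.none    /var/log/messages

# The iMail host sends on local0: give it its own file.
local0.*                                                /var/log/imail.log

# Remaining stock lines, unchanged.
authpriv.*                                              /var/log/secure
mail.*                                                  /var/log/maillog
cron.*                                                  /var/log/cron
*.emerg                                                 *
uucp,news.crit                                          /var/log/spooler
local7.*                                                /var/log/boot.log
```

After editing, send syslogd a HUP (`killall -HUP syslogd`) so it rereads the file. The local0 trick only works if the sender lets you choose the facility; if every remote host insists on *.info, sysklogd has no selector that can tell them apart, and you are back to a host-aware daemon.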
We have syslog-ng up and running locally. But we need to be able to receive logs from remote equipment that does not have the capability of sending the logs securely—such as routers. I have found a lot on how to set syslog-ng to receive remote logs securely, but can anyone help me on how to receive unsecured remote logs? Thank you for all your help.
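The two syslog-ng questions in this thread, splitting logs by sending host and accepting plain (unencrypted) syslog from devices such as routers, are answered by the same configuration. The following syslog-ng.conf is an added example, not one posted by anyone in the thread; the host names (imail, rtr-*/sw-*), the listener address 192.0.2.10 and the paths under /var/log/hosts are assumptions. The syntax is the 1.x/2.x style the thread is about and is still accepted by later versions, but check the option names against the syslog-ng you have installed.

```conf
# Added example (not from this thread): syslog-ng.conf that accepts plain UDP
# syslog from devices that cannot send securely and routes each sending host
# to its own file. Host names, the listener address and the log paths are
# assumptions; adjust them to your network.

options {
    long_hostnames(off);   # do not chain relay hostnames onto the message
    keep_hostname(yes);    # use the HOSTNAME field the sender put in the packet
    use_dns(no);           # never resolve sender IPs; no DNS dependency in the log path
    sync(0);
};

# Local messages from this box.
source s_local {
    unix-stream("/dev/log");
    internal();
    file("/proc/kmsg");
};

# Plain syslog over UDP/514: no encryption, no authentication, no integrity.
# Bind it to the management interface only (192.0.2.10 is an assumed address)
# and restrict 514/udp at the host firewall to the devices that should reach
# it: anything that can reach this socket can inject or spoof log lines.
source s_udp {
    udp(ip(192.0.2.10) port(514));
};

# Filters select on the sending hostname; host() takes a regular expression.
filter f_imail   { host("^imail$"); };
filter f_routers { host("^(rtr|sw)-"); };

destination d_imail    { file("/var/log/hosts/imail/maillog"); };
destination d_routers  { file("/var/log/hosts/$HOST/messages" create_dirs(yes)); };
destination d_messages { file("/var/log/messages"); };

# Remote hosts get their own files. flags(final) stops a matched message from
# also falling through to the catch-all below it.
log { source(s_udp); filter(f_imail);   destination(d_imail);   flags(final); };
log { source(s_udp); filter(f_routers); destination(d_routers); flags(final); };
log { source(s_udp); destination(d_messages); };

# Local messages keep going to the usual place.
log { source(s_local); destination(d_messages); };
```

One caveat worth checking: with keep_hostname(yes) the file a message lands in is chosen by the hostname the sender wrote into the packet, and over UDP any machine that can reach the socket can write whatever name it likes. If that matters, set keep_hostname(no) so $HOST becomes the sender's IP address and filter on that instead (or use the netmask() filter on versions that have it), and treat anything arriving on this source as untrusted input rather than as evidence.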