LinuxQuestions.org
Old 04-09-2004, 09:48 AM   #1
cpgeorge
LQ Newbie
 
Registered: Apr 2004
Location: Norfolk, Ne
Distribution: RedHat 7 and 9
Posts: 12

Rep: Reputation: 0
Customizing syslog


I am running iMail 8.02 for a mail server. iMail is set up to send the mail log to *.info when logging to an external syslog host. I would like to set it up to log the mail information to another log facility to make the logs more manageable. I have searched Google and message boards for a way to configure syslog to filter out specific hosts from one log and enter them into another log file, but I have not found a solution. If someone can help me out with this I would greatly appreciate it. I am running RH 7 if that helps.

Thanks for any help you can provide on this.
George
 
Old 04-11-2004, 06:14 AM   #2
hw-tph
Senior Member
 
Registered: Sep 2003
Location: Sweden
Distribution: Debian
Posts: 3,032

Rep: Reputation: 58
I suppose it all comes down to what syslog you use. I use syslog-ng and it provides ample resources for customizing. Here is a good primer from LinuxJournal's security expert Mick Bauer.


Håkan
 
Old 04-12-2004, 10:29 AM   #3
cpgeorge
LQ Newbie
 
Registered: Apr 2004
Location: Norfolk, Ne
Distribution: RedHat 7 and 9
Posts: 12

Original Poster
Rep: Reputation: 0
Thanks Håkan for your reply. It does not quite answer what I need to do though. What I need to do is log different hosts to different log files—even if the hosts all send on the same facility.

As for what syslog we are using, it is just the one that is standard with RH7.

I hope this helps out more on what I am looking to do.

Thanks again George
 
Old 04-12-2004, 06:47 PM   #4
hw-tph
Senior Member
 
Registered: Sep 2003
Location: Sweden
Distribution: Debian
Posts: 3,032

Rep: Reputation: 58
I assume the syslog in Red Hat 7 is syslog-ng as this is the most widely used syslog nowadays. Host-based differentiation is pretty common with syslog servers (that keep logs for several different systems). Have a look at the example below.

Code:
options { long_hostnames(on); sync(0); };

# Listen for remote syslog on UDP port 514 as well as local messages
source src { udp(ip(0.0.0.0) port(514)); unix-stream("/dev/log"); internal(); };

filter f_sendmail { program("sendmail"); };
filter f_host1 { host("host1"); };
filter f_host2 { host("host2"); };

destination sendmail { file("/var/log/sendmail"); };
destination host1 { file("/var/log/host1"); };
destination host2 { file("/var/log/host2"); };

log { source(src); filter(f_sendmail); destination(sendmail); };
log { source(src); filter(f_host1); destination(host1); };
log { source(src); filter(f_host2); destination(host2); };
(Gleefully pirated from an article in the LinuxGazette)


Håkan

Last edited by hw-tph; 04-12-2004 at 06:48 PM.
 
Old 04-13-2004, 04:08 PM   #5
wedgeworth
Member
 
Registered: Aug 2003
Posts: 234

Rep: Reputation: 30
i'm also trying to get my syslog to redirect logs to different files....what was the final outcome here? was anyone able to edit configurations to redirect certain entries to places other than say....messages?
 
Old 04-13-2004, 05:24 PM   #6
hw-tph
Senior Member
 
Registered: Sep 2003
Location: Sweden
Distribution: Debian
Posts: 3,032

Rep: Reputation: 58
Yes, but it's not really easy before you get used to it. Here is the syslog-ng.conf I use on my laptop:
Code:
options { 
	long_hostnames(on); 
	sync(0); 

	# The default action of syslog-ng 1.6.0 is to log a STATS line
	# to the file every 10 minutes.  That's pretty ugly after a while.
	# Change it to every 12 hours so you get a nice daily update of
	# how many messages syslog-ng missed (0).
	stats(43200); 
};

source src { unix-stream("/dev/log"); internal(); pipe("/proc/kmsg"); };

destination messages { file("/var/log/messages"); };

# By default messages are logged to tty12...
destination console_all { file("/dev/tty12"); };
# ...if you intend to use /dev/console for programs like xconsole
# you can comment out the destination line above that references /dev/tty12
# and uncomment the line below.
#destination console_all { file("/dev/console"); };

log { source(src); destination(messages); };
log { source(src); destination(console_all); };

# --- ADDED BY HW ----------------------------------------------------------
# --- FILTERS ----
filter f_bootlog { facility(local7); };
filter f_authlog { facility(auth,authpriv); };
filter f_cronlog { facility(cron); };
filter f_kernlog { facility(kern); };

# --- DESTINATIONS ---
destination authlog {
   file("/var/log/auth.log" 
         sync(0) log_fifo_size(10) create_dirs(yes) 
         owner(root) group(adm) perm(0660) dir_perm(0770));
};

destination kernlog {
   file("/var/log/kernel.log" 
         sync(0) log_fifo_size(10) create_dirs(yes) 
         owner(root) group(adm) perm(0660) dir_perm(0770));
};
destination cronlog {
   file("/var/log/cron.log" 
         sync(0) log_fifo_size(10) create_dirs(yes) 
         owner(root) group(adm) perm(0660) dir_perm(0770));
};

destination bootlog {
   file("/var/log/boot.log" 
         sync(0) log_fifo_size(10) create_dirs(yes) 
         owner(root) group(system) perm(0660) dir_perm(0770));
};

# --- LOGS ---
log { source(src);
      filter(f_bootlog);
      destination(bootlog);
};

log { source(src);
      filter(f_authlog);
      destination(authlog);
};

log { source(src);
      filter(f_cronlog);
      destination(cronlog);
};

log { source(src);
      filter(f_kernlog);
      destination(kernlog);
};

Håkan
 
Old 04-14-2004, 10:02 AM   #7
wedgeworth
Member
 
Registered: Aug 2003
Posts: 234

Rep: Reputation: 30
thnx for the help. i'm also running rh 7. however, i have no syslog-ng.conf file. i just have a regular syslog.conf file. it looks like this:

# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages

# The authpriv file has restricted access.
authpriv.* /var/log/secure

# Log all the mail messages in one place.
mail.* /var/log/maillog


# Log cron stuff
cron.* /var/log/cron

# Everybody gets emergency messages
*.emerg *

# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler

# Save boot messages also to boot.log
local7.* /var/log/boot.log



will your config file example "work" at all like mine would? or am i to start looking for other examples with other syntax, or that work and redirect logs completely differently? sorry i don't know enough about this. i haven't really ever gotten into watching and/or tweaking any system logs before.
 
Old 04-15-2004, 09:08 AM   #8
cpgeorge
LQ Newbie
 
Registered: Apr 2004
Location: Norfolk, Ne
Distribution: RedHat 7 and 9
Posts: 12

Original Poster
Rep: Reputation: 0
We have syslog-ng up and running locally. But we need to be able to receive logs from remote equipment that does not have the capability of sending the logs securely—such as routers. I have found a lot on how to set syslog-ng to receive remote logs securely, but can anyone help me on how to receive unsecured remote logs? Thank you for all your help.
 
Old 04-28-2004, 01:29 PM   #9
cpgeorge
LQ Newbie
 
Registered: Apr 2004
Location: Norfolk, Ne
Distribution: RedHat 7 and 9
Posts: 12

Original Poster
Rep: Reputation: 0
Quote:
Originally posted by cpgeorge
We have syslog-ng up and running locally. But we need to be able to receive logs from remote equipment that does not have the capability of sending the logs securely—such as routers. I have found a lot on how to set syslog-ng to receive remote logs securely, but can anyone help me on how to receive unsecured remote logs? Thank you for all your help.
Can anyone point me in the right direction to learn how to do this? I really like syslog-ng but can not use it unless I can remotely log some things unsecure.

Thanks for any help anyone can provide on this.
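
Added example, not part of the original thread: a syslog-ng configuration for the setup asked about in posts #8 and #9, receiving plain UDP syslog from devices such as routers and writing each sender to its own file regardless of the facility it uses. The IP addresses, file paths and the filter and destination names are placeholders, and the legacy udp() driver syntax of the syslog-ng versions discussed above is assumed.

```conf
# Added example, not from the thread. 10.0.0.1 / 10.0.0.2 and all file paths
# are placeholders. Recent syslog-ng releases also expect an "@version:" line
# at the top of the file.

options {
    keep_hostname(no);   # take the host from the sender address, not the packet
    use_dns(no);         # no DNS lookup for each incoming datagram
    create_dirs(yes);    # create /var/log/remote on first write
};

# Local messages and remote plain-UDP messages use separate sources, so
# remote traffic never mixes into the local log by accident.
source s_local  { unix-stream("/dev/log"); internal(); };
source s_remote { udp(ip(0.0.0.0) port(514)); };

# Match on the sending IP address; the facility the device uses is irrelevant.
filter f_mailhost { netmask("10.0.0.1/255.255.255.255"); };
filter f_router1  { netmask("10.0.0.2/255.255.255.255"); };

destination d_messages { file("/var/log/messages"); };
destination d_mailhost {
    file("/var/log/remote/mailhost.log" owner(root) group(adm) perm(0640));
};
destination d_router1 {
    file("/var/log/remote/router1.log" owner(root) group(adm) perm(0640));
};
destination d_unknown {
    file("/var/log/remote/unknown.log" owner(root) group(adm) perm(0640));
};

log { source(s_local); destination(d_messages); };
log { source(s_remote); filter(f_mailhost); destination(d_mailhost); };
log { source(s_remote); filter(f_router1);  destination(d_router1); };

# Messages from a sender not listed above are kept in their own file, so an
# unexpected device shows up in review instead of disappearing.
log { source(s_remote); destination(d_unknown); flags(fallback); };
```

UDP syslog is unauthenticated and its source address can be forged, so port 514 should also be limited at the firewall to the listed devices.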
 
  

