I am running iMail 8.02 for a mail server. iMail is set up to send the mail log to *.info when logging to an external syslog host. I would like to set it up to log the mail information to another log facility to make the logs more manageable. I have searched Google and message boards for a way to configure syslog to filter out specific hosts from one log and enter them into another log file, but I have not found a solution. If someone can help me out with this I would greatly appreciate it. I am running RH 7 if that helps.
Thanks for any help you can provide on this.
George
I suppose it all comes down to what syslog you use. I use syslog-ng and it provides ample resources for customizing. Here is a good primer from LinuxJournal's security expert Mick Bauer.
Thanks Håkan for your reply. It does not quite answer what I need to do though. What I need to do is log different hosts to different log files—even if the hosts all send on the same facility.
As for what syslog we are using, it is just the one that is standard with RH7.
I hope this helps out more on what I am looking to do.
I assume the syslog in Redhat 7 is syslog-ng as this is the most widely used syslog nowadays. Host-based differentiation is pretty common with syslog servers (that keep logs for several different systems). Have a look at the example below.
i'm also trying to get my syslog to redirect logs to different files....what was the final outcome here. was anyone able to edit configurations to redirect certain entries to places other than say....messages?
thnx for the help. i'm also running rh 7. however, i have no syslog-ng.conf file. i just have a regular syslog.conf file. it looks like this:
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages
# The authpriv file has restricted access.
authpriv.* /var/log/secure
# Log all the mail messages in one place.
mail.* /var/log/maillog
# Log cron stuff
cron.* /var/log/cron
# Everybody gets emergency messages
*.emerg *
# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler
# Save boot messages also to boot.log
local7.* /var/log/boot.log
will your config file example "work" at all like mine would. or am i to start looking for other examples with other syntax, or that work and redirect logs completely different. sorry i don't know enough about this. i haven't really ever gotten into watching and/or tweaking any system logs before.
We have syslog-ng up and running locally. But we need to be able to receive logs from remote equipment that does not have the capability of sending the logs securely—such as routers. I have found a lot on how to set syslog-ng to receive remote logs securely, but can anyone help me on how to receive unsecured remote logs? Thank you for all your help.
Originally posted by cpgeorge:
We have syslog-ng up and running locally. But we need to be able to receive logs from remote equipment that does not have the capability of sending the logs securely—such as routers. I have found a lot on how to set syslog-ng to receive remote logs securely, but can anyone help me on how to receive unsecured remote logs? Thank you for all your help.
Can anyone point me in the right direction to learn how to do this? I really like syslog-ng but can not use it unless I can remotely log some things unsecure.
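The two things asked for in this thread (one log file per sending host, and accepting plain UDP syslog from devices such as routers) can be combined in one syslog-ng configuration. This is an added example, not a configuration posted by anyone in the thread. It assumes syslog-ng 3.x syntax, and the `@version` value, IP addresses and file paths are placeholders to adjust.

```conf
@version: 3.38
# Added example. Version, addresses and paths are placeholders, not values from the thread.

options {
    keep_hostname(no);    # set HOST from the packet's source address, not from the message text
    use_dns(no);          # ${HOST} is then the sender's IP; no DNS lookup can stall logging
    chain_hostnames(no);
    create_dirs(yes);     # create /var/log/remote/... on first write
};

# Plain syslog over UDP: no encryption and no sender authentication.
# Bind to one internal address instead of every interface.
source s_udp { udp(ip("192.0.2.1") port(514)); };

# Select senders by the source address of the packet.
filter f_mailserver { netmask("192.0.2.10/32"); };     # the iMail host (placeholder)
filter f_routers    { netmask("192.0.2.128/25"); };    # router management subnet (placeholder)

destination d_mailserver { file("/var/log/remote/imail.log"); };
destination d_routers    { file("/var/log/remote/routers/${HOST}.log"); };  # one file per router
destination d_unexpected { file("/var/log/remote/unexpected.log"); };

# flags(final) stops further processing, so a message lands in exactly one file.
log { source(s_udp); filter(f_mailserver); destination(d_mailserver); flags(final); };
log { source(s_udp); filter(f_routers);    destination(d_routers);    flags(final); };

# Anything from an address not listed above is kept apart for review.
log { source(s_udp); destination(d_unexpected); };
```

Because UDP syslog carries no authentication, a source address can be forged, so port 514 should also be restricted at the firewall to the same addresses. `syslog-ng --syntax-only` checks the file before the daemon is restarted.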