Visit Jeremy's Blog.
Go Back > Forums > Linux Forums > Linux - Distributions > SUSE / openSUSE
User Name
SUSE / openSUSE This Forum is for the discussion of Suse Linux.


  Search this Thread
Old 03-28-2007, 02:04 PM   #1
Registered: Nov 2005
Location: New Jersey, USA
Distribution: SuSE
Posts: 492

Rep: Reputation: 31
Centralized logging with syslog-ng

I have about eight boxes running. Most of them are SuSE - two 9.3 and five 10.2. There's also one IPcop box thrown in, and Solaris, Ubuntu, and FreeBSD on the way.

I'm really happy with the SuSE default syslog-ng configuration, how it accurately separates all of the logs into files based on source or level (mail, warn, acpi, etc.).

However, I want to setup a centralized logging server. All of the documentation I can find on doing this with syslog-ng tells about creating one file per server per day, like /var/log/$HOST/$HOST-$YEAR-$MONTH-$DAY.log.

Is there any simple way to preserve the SuSE default files (mail, messages, warn, etc.) but just put them in a host-specific directory, i.e. on the centralized server I'd have:
/var/log/HOST1/{messages, mail, warn, etc.}
/var/log/HOST2/{messages, mail, warn, etc.}
/var/log/HOST3/{messages, mail, warn, etc.}
and also local in the default way, like
/var/log/{messages, mail, warn, etc.}
Old 03-30-2007, 07:25 AM   #2
Registered: Dec 2006
Distribution: openSUSE 10.3
Posts: 260

Rep: Reputation: 30
You could add a source and a destination for each machine that sends its syslog, and set the filters accordingly in /etc/syslog-ng/syslog-ng.conf of the logging server, like this:
source HOST1 {udp(ip("HOST_1_IP_ADDRESS") port(514)};
destination HOST1_MESSAGES {file("/var/log/HOST1/messages");};
log{ source(HOST1); filter(f_messages); destination(HOST1_MESSAGES);};
; doing this for many machines is cumbersome, so you may need to use some bash scripting.

Last edited by auxsvr; 03-30-2007 at 07:27 AM.
Old 03-30-2007, 08:57 PM   #3
Registered: Nov 2005
Location: New Jersey, USA
Distribution: SuSE
Posts: 492

Original Poster
Rep: Reputation: 31
thanks. I'll try it sometime this weekend...


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Centralized Syslog Server Using syslog-NG LXer Syndicated Linux News 0 04-28-2006 06:21 PM
Logging/syslog s0n|k Linux - Newbie 2 03-13-2006 07:36 PM
Logging firewall with syslog-ng? RecoilUK Linux - Security 1 08-06-2005 04:28 PM
syslog running but not logging tantric Linux - Security 1 10-15-2003 07:24 AM
logging information into syslog prisam Linux - Security 1 08-05-2003 09:58 AM > Forums > Linux Forums > Linux - Distributions > SUSE / openSUSE

All times are GMT -5. The time now is 08:36 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration