Re: Remote Syslog

Tim Holmes wrote:
Hello All:

I am trying to use one of my linux boxes to get information from my
foundry switches (and eventually a lot of other gear) using the syslog
facility.  This will be in addition to SNMP which I am already using via
CACTI

I have managed to configure things so that the messages are heading to
/var/logs/messages, but I cannot seem to get them to go to the device
specific files that I have designated.

Here is a copy of my /etc/syslog.conf file

# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                                 /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none                /var/log/messages

# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure

# Log all the mail messages in one place.
mail.*                                                  /var/log/maillog


# Log cron stuff
cron.*                                                  /var/log/cron

# Everybody gets emergency messages
*.emerg                                                 *

# Save news errors of level crit and higher in a special file.
uucp,news.crit                                          /var/log/spooler

# Save boot messages also to boot.log
local7.*                                                /var/log/boot.log


The following three configs won't work:

#send messages from Lancelot to Lancelot.log
192.168.0.225.*     /var/log/lancelot.log


#send messages from tristan. tristan.log
192.168.0.231.*     /var/log/tristan.log
tristan.*           /var/log/tristan.log



If anyone can help me out, what I would like is for each device to have
its own separate log file, and then I need suggestions on how to
properly view them etc

Syslog doesn't support IP addresses or hostnames as selectors, so the last three lines won't work (I'm sort of amazed that syslog started at all).

When the remote syslog sends a message, the receiving syslog uses the
normal selector stuff to handle the message.  Note that the message
received contains the hostname of the machine that sent it.
What you could do is, rather than logging to a file, feed the messages
to a series of filters that parse the message, find the hostname and
write an appropriate file.  You must create named pipes for each filter
first (via mkfifo(1)).  The filters can be awk, perl or shell scripts
(or C/C++ programs) that listen on the appropriate named pipe and
process the messages as they come in.  syslog alone can't do it.

If you need help on that, email me directly and I'll see what I can
do to assist you.
----------------------------------------------------------------------
- Rick Stevens, Senior Systems Engineer     rstevens@xxxxxxxxxxxxxxx -
- VitalStream, Inc.                       http://www.vitalstream.com -
-                                                                    -
- Do not taunt the sysadmins, for they are subtle and quick to anger -
----------------------------------------------------------------------
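
The named-pipe filter described in the reply above, sketched as an added example that is not part of the original thread. The FIFO path, output directory and script name are hypothetical, and the line format is assumed to be the traditional syslogd one with the hostname in the fourth field.

```shell
#!/bin/sh
# Added example (not from the thread): per-host splitter for syslog lines.
#
# Assumed setup, all names hypothetical:
#   mkfifo /var/log/remote.pipe
#   /etc/syslog.conf:   *.info    |/var/log/remote.pipe
#   sh splitter.sh /var/log/remote.pipe /var/log/remote &
#
# Assumed line format (traditional syslogd output):
#   "Mon DD HH:MM:SS host tag: message"   -> host is field 4

# split_by_host OUTDIR: read lines on stdin, append each to OUTDIR/<host>.log
split_by_host() {
    mkdir -p "$1" || return 1
    awk -v dir="$1" '
    {
        host = $4
        # The host field comes from network input, so it is never used as a
        # path verbatim: only [A-Za-z0-9._-] is allowed, with no leading dot.
        # Anything else (empty, "../x", "a/b") is filed under "unknown".
        if (host == "" || host ~ /^\./ || host ~ /[^A-Za-z0-9._-]/) {
            host = "unknown"
        }
        file = dir "/" host ".log"
        print >> file
        close(file)    # flush now and keep the open-file count at one
    }'
}

# syslogd closing the pipe (e.g. on restart) gives the reader EOF, so reopen.
if [ "$#" -eq 2 ]; then
    while :; do
        split_by_host "$2" < "$1" || sleep 1
    done
fi
```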

