Thanks for your suggestions people, I think syslog_ng is the way forward :)

rgds
Nick

On Mon, 24 Jan 2005 18:20:41 -0600, Tim Sheets <tsheetspublic@xxxxxxxxxxxxx> wrote:
> [NICK] wrote:
>
> > Hi,
> > I'm having trouble finding what I need... :-(
> >
> > Does anyone know if it's possible to take incoming logs and write
> > different files for different sources?
> >
> > e.g. I have a Firewall, Mail Server & File Server. I've set up the
> > file server to receive logs from the firewall & mail server (using
> > @fileserver in syslog.conf).
> >
> > All logs from these two machines then get written into
> > /var/log/messages on the file server.
> >
> > What I'd rather have is /var/log/firewall.log &
> > /var/log/mailserver.log .... and leave /var/log/messages for _only_
> > the fileserver messages.
> >
>
> I'm not sure how to tell the other machine's logging processes to use a
> specific facility, but if you can find out how to specify that, once
> they're tagged with a specific facility, you can set up the syslog
> server's configuration to send those facilities to a separate log file.
>
> Another alternative that I have played with is syslog-ng. It's a
> syslogd/klogd replacement with many options on breaking out log files
> (host name, IP, facility, date, etc....)
>
> http://www.balabit.com/products/syslog_ng/
>
> HTH,
>
> Tim
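
The per-source split asked about in this thread, written as a syslog-ng configuration for the file server. This is an added example, not part of the original messages; the sender addresses, the source/filter/destination names and the catch-all file for unknown senders are assumptions.

```conf
# Added example. Addresses are constructed (192.0.2.0/24 is a documentation range).
# Recent syslog-ng releases also expect an "@version:" line at the top of the
# file that matches the installed release.

# Messages generated on the file server itself
source s_local { unix-stream("/dev/log"); internal(); };

# Messages forwarded by the other machines ("@fileserver" in their syslog.conf)
source s_net { udp(ip(0.0.0.0) port(514)); };

# Match on the sender's IP address rather than the hostname field inside the
# message, because the sending side controls that field.
filter f_firewall { netmask("192.0.2.1/32"); };    # assumed firewall address
filter f_mail     { netmask("192.0.2.25/32"); };   # assumed mail server address
filter f_unknown  { not filter(f_firewall) and not filter(f_mail); };

destination d_messages { file("/var/log/messages"); };
destination d_firewall { file("/var/log/firewall.log" perm(0640)); };
destination d_mail     { file("/var/log/mailserver.log" perm(0640)); };
# Hypothetical catch-all so traffic from unexpected senders stays visible
destination d_unknown  { file("/var/log/remote-unknown.log" perm(0640)); };

# /var/log/messages is fed only from the local source, so remote
# messages never reach it.
log { source(s_local); destination(d_messages); };

# Remote messages go to one file per sender.
log { source(s_net); filter(f_firewall); destination(d_firewall); };
log { source(s_net); filter(f_mail);     destination(d_mail); };
log { source(s_net); filter(f_unknown);  destination(d_unknown); };
```

Running `syslog-ng --syntax-only` against the file checks it for syntax errors before the daemon is restarted.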