Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: syslog-ng.conf
Operating Systems Solaris syslog-ng.conf Post 302173153 by Tornado on Wednesday 5th of March 2008 07:37:07 PM
Old 03-05-2008
syslog-ng.conf
Has anyone here configured a central syslog server using syslog-ng ?

I have set one up and I'm trying to tune the syslog-ng.conf file, both for the server and the client. I have found lots of linux example files, but not much on Solaris which is slightly different.

So if you have a Solaris syslog-ng.conf or have any links to some I would love to see them.

This is what I have:
Server:
Code:
#
# syslog-ng server configuration:
#

options
  {
    sync (0);
    stats (0);
    chain_hostnames(no);
    create_dirs (yes);
    dir_perm(0755);
    dns_cache(yes);
    keep_hostname(yes);
    log_fifo_size(2048);
    long_hostnames(on);
    perm(0644);
    time_reopen (10);
    use_dns(yes);
  };

source s_local  { sun-streams ("/dev/log" door("/var/run/syslog_door")); internal(); };
source s_remote { tcp(); };

#----------------------------------------------------------------------
#  Standard Log file locations
#----------------------------------------------------------------------
destination d_cons      { file("/dev/console"); };
destination d_mesg      { file("/var/adm/messages"); };
destination d_mail      { file("/var/log/syslog"); };
destination d_auth      { file("/var/log/authlog"); };
destination d_mlop      { usertty("operator"); };
destination d_mlrt      { usertty("root"); };
destination d_mlal      { usertty("*"); };

#----------------------------------------------------------------------
#  Remote logs sorting by host
#----------------------------------------------------------------------
destination d_clients       { file("/var/log/HOSTS/$HOST/$R_YEAR/$R_MONTH/$R_DAY/$FACILITY"); };

#----------------------------------------------------------------------
#  Standard filters for the standard destinations.
#----------------------------------------------------------------------
filter f_filter1   { level(err) or
                     (level(notice) and facility (auth, kern)); };
filter f_filter2   { level(err) or
                     (facility(kern) and level(notice)) or
                     (facility(daemon) and level(notice)) or
                     (facility(mail) and level(crit)); };
filter f_filter3   { level(alert) or
                     (facility(kern) and level(err)) or
                     (facility(daemon) and level(err)); };
filter f_filter4   { level(alert); };
filter f_filter5   { level(emerg); };
filter f_filter6   { facility(kern) and level(notice); };
filter f_filter7   { facility(mail) and level(debug); };
filter f_filter8   { facility(user) and level(err); };
filter f_filter9   { facility(user) and level(alert); };

#----------------------------------------------------------------------
#  Standard logging
#----------------------------------------------------------------------
log { source(s_local); filter(f_filter1); destination(d_cons); };
log { source(s_local); filter(f_filter2); destination(d_mesg); };
log { source(s_local); filter(f_filter3); destination(d_mlop); };
log { source(s_local); filter(f_filter4); destination(d_mlrt); };
log { source(s_local); filter(f_filter5); destination(d_mlal); };
log { source(s_local); filter(f_filter6); destination(d_auth); };
log { source(s_local); filter(f_filter7); destination(d_mail); };
log { source(s_local); filter(f_filter8); destination(d_cons);
                                        destination(d_mesg); };
log { source(s_local); filter(f_filter9); destination(d_mlop);
                                        destination(d_mlrt); };

#----------------------------------------------------------------------
#  Remote logging
#----------------------------------------------------------------------
log { source(s_remote); destination(d_clients); };

##########################################
##        NOT SURE IF I NEED THIS       ##
##########################################
#----------------------------------------------------------------------
#  Special catch all destination sorting by host
#----------------------------------------------------------------------
log { source(s_local); source(s_remote); destination(d_clients); };

Client:
Code:
#
# syslog-ng client configuration: some local logs, in addition to TCP
# logging to central loghost.
#

options
  {
    sync (0);
    stats (0);
    chain_hostnames(no);
    create_dirs (yes);
    dir_perm(0755);
    dns_cache(yes);
    keep_hostname(yes);
    log_fifo_size(2048);
    long_hostnames(on);
    perm(0644);
    time_reopen (10);
    use_dns(yes);
  };

source s_local  { sun-streams ("/dev/log" door("/var/run/syslog_door")); internal(); };

#----------------------------------------------------------------------
#  Standard Log file locations
#----------------------------------------------------------------------
destination d_cons      { file("/dev/console"); };
destination d_mesg      { file("/var/adm/messages"); };
destination d_mail      { file("/var/log/syslog"); };
destination d_auth      { file("/var/log/authlog"); };
destination d_mlop      { usertty("operator"); };
destination d_mlrt      { usertty("root"); };
destination d_mlal      { usertty("*"); };

#----------------------------------------------------------------------
#  Forward to a loghost server
#----------------------------------------------------------------------
destination d_loghostdr   { tcp("loghostdr" port(514)); };

#----------------------------------------------------------------------
#  Standard filters for the standard destinations.
#----------------------------------------------------------------------
filter f_filter1   { level(err) or
                     (level(notice) and facility (auth, kern)); };
filter f_filter2   { level(err) or
                     (facility(kern) and level(notice)) or
                     (facility(daemon) and level(notice)) or
                     (facility(mail) and level(crit)); };
filter f_filter3   { level(alert) or
                     (facility(kern) and level(err)) or
                     (facility(daemon) and level(err)); };
filter f_filter4   { level(alert); };
filter f_filter5   { level(emerg); };
filter f_filter6   { facility(kern) and level(notice); };
filter f_filter7   { facility(mail) and level(debug); };
filter f_filter8   { facility(user) and level(err); };
filter f_filter9   { facility(user) and level(alert); };

#----------------------------------------------------------------------
#  Standard logging
#----------------------------------------------------------------------
log { source(s_local); filter(f_filter1); destination(d_cons); };
log { source(s_local); filter(f_filter2); destination(d_mesg); };
log { source(s_local); filter(f_filter3); destination(d_mlop); };
log { source(s_local); filter(f_filter4); destination(d_mlrt); };
log { source(s_local); filter(f_filter5); destination(d_mlal); };
log { source(s_local); filter(f_filter6); destination(d_auth); };
log { source(s_local); filter(f_filter7); destination(d_mail); };
log { source(s_local); filter(f_filter8); destination(d_cons);
                                        destination(d_mesg); };
log { source(s_local); filter(f_filter9); destination(d_mlop);
                                        destination(d_mlrt); };

#----------------------------------------------------------------------
#  Send to a remote loghost
#----------------------------------------------------------------------
log { source(s_local); destination(d_loghostdr); };

Tornado
 

10 More Discussions You Might Find Interesting

1. Red Hat

syslog.conf

Hi all I have a RedHat Linux AS2.1 server that keep crashing/rebooting and there are no messages in the /var/log/messages file pointing to any problems. I had a look at the /etc/syslog.conf file to see what gets logged to /var/log/messages, but I don't know what else to add. Can anyone tell me... (1 Reply)
Discussion started by: soliberus
1 Replies

2. Linux

SYSLOG.CONF another port

Hi everybody, i have a little problem... I have two server srv01 and srv02. srv02 have a syslogd server onboard and listen on 515... not on 514 (it's busy). How i configure the syslog.conf of srv01 for send logs on srv02:515 ??? Now i have on srv01: *.* @srv02 if i write: *.* ... (0 Replies)
Discussion started by: Zio Bill
0 Replies

3. UNIX for Dummies Questions & Answers

Help confiuring syslog.conf

Hi, We had a hardware problem at work and none of the kernel problems outputted to the log file, just the screen. How can I configure the syslogd.conf file to record kernel events (ie hardware problems) to /dev/console and/var/log/messages. Can I just put: /dev/console /var/log/messages on... (5 Replies)
Discussion started by: mojoman
5 Replies

4. Solaris

Want to know about a entry in syslog.conf

Hi Everyone, I just wanted to know about the below entry in syslog.conf in Solaris 10: kern.notice @destserver Now the log will be redirected to destserver. But I want to know the location on the destserver where this log will be thrown. Thanks in Advance, Deepak (4 Replies)
Discussion started by: naw_deepak
4 Replies

5. UNIX for Advanced & Expert Users

Modifying syslog.conf

I have a RHEL box that I want to be the loghost for all of the other systems on my network and have set up a /logs partitions to hold all of the logs. I've also created a file called current.log that will contain daily logs and created it using the following command: cp /dev/null current.log. ... (4 Replies)
Discussion started by: goose25
4 Replies

6. Shell Programming and Scripting

syslog.conf

How can i configure messages with warn priority to be logged in /var/log/mywarnings.log ? (1 Reply)
Discussion started by: g0dlik3
1 Replies

7. Solaris

best configuration for syslog.conf

I would like to configure the syslog.conf to have a good monitoring information about my system. do you have any idea about best configuration from your experience in your Data Centers BR, (5 Replies)
Discussion started by: maxim42
5 Replies

8. Red Hat

Configuring syslog.conf

Hi, I would like to configure syslog linux client, syslog server is windows server. so adding on linux client in /etc/syslog.conf @hostname will work in the place of directory location. example of /etc/syslog.conf # Log all kernel messages to the console. # Logging much else clutters up... (2 Replies)
Discussion started by: manoj.solaris
2 Replies

9. BSD

Syslog.conf issue

I'm trying to get all ipfw logs going to ipfw.log I've managed that, but ipfw.log is also getting stuff that shows up in system.log !-ipfw *.notice;authpriv,remoteauth,ftp,install,internal.none /var/log/system.log kern.* /var/log/kernel.log... (5 Replies)
Discussion started by: jnojr
5 Replies

10. Solaris

Which are the available entries to forward syslog in syslog.conf?

Hi Community Which are the available entries to forward syslog in syslog.conf i have put *.err;kern.debug;daemon.notice;mail.crit;user.alert;user.emerg;kern.notice;auth.notice;kern.warning @172.16.200.50 and it's not going through.giving error message like below: syslogd:... (2 Replies)
Discussion started by: bentech4u
2 Replies
All times are GMT -4. The time now is 02:42 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy