Has anyone here configured a central syslog server using syslog-ng?
I have set one up and I'm trying to tune the syslog-ng.conf file, both for the server and the client. I have found lots of Linux example files, but not much on Solaris, which is slightly different.
So if you have a Solaris syslog-ng.conf or have any links to some I would love to see them.
This is what I have:
Server:
Code:
#
# syslog-ng server configuration:
#
options
{
    sync(0);
    stats(0);
    chain_hostnames(no);
    create_dirs(yes);
    dir_perm(0755);
    dns_cache(yes);
    keep_hostname(yes);
    log_fifo_size(2048);
    long_hostnames(on);
    perm(0644);
    time_reopen(10);
    use_dns(yes);
};
source s_local { sun-streams ("/dev/log" door("/var/run/syslog_door")); internal(); };
source s_remote { tcp(); };
#----------------------------------------------------------------------
# Standard Log file locations
#----------------------------------------------------------------------
destination d_cons { file("/dev/console"); };
destination d_mesg { file("/var/adm/messages"); };
destination d_mail { file("/var/log/syslog"); };
destination d_auth { file("/var/log/authlog"); };
destination d_mlop { usertty("operator"); };
destination d_mlrt { usertty("root"); };
destination d_mlal { usertty("*"); };
#----------------------------------------------------------------------
# Remote logs sorting by host
#----------------------------------------------------------------------
destination d_clients { file("/var/log/HOSTS/$HOST/$R_YEAR/$R_MONTH/$R_DAY/$FACILITY"); };
#----------------------------------------------------------------------
# Standard filters for the standard destinations.
#----------------------------------------------------------------------
filter f_filter1 { level(err) or
                   (level(notice) and facility(auth, kern)); };
filter f_filter2 { level(err) or
                   (facility(kern) and level(notice)) or
                   (facility(daemon) and level(notice)) or
                   (facility(mail) and level(crit)); };
filter f_filter3 { level(alert) or
                   (facility(kern) and level(err)) or
                   (facility(daemon) and level(err)); };
filter f_filter4 { level(alert); };
filter f_filter5 { level(emerg); };
filter f_filter6 { facility(kern) and level(notice); };
filter f_filter7 { facility(mail) and level(debug); };
filter f_filter8 { facility(user) and level(err); };
filter f_filter9 { facility(user) and level(alert); };
#----------------------------------------------------------------------
# Standard logging
#----------------------------------------------------------------------
log { source(s_local); filter(f_filter1); destination(d_cons); };
log { source(s_local); filter(f_filter2); destination(d_mesg); };
log { source(s_local); filter(f_filter3); destination(d_mlop); };
log { source(s_local); filter(f_filter4); destination(d_mlrt); };
log { source(s_local); filter(f_filter5); destination(d_mlal); };
log { source(s_local); filter(f_filter6); destination(d_auth); };
log { source(s_local); filter(f_filter7); destination(d_mail); };
log { source(s_local); filter(f_filter8); destination(d_cons);
      destination(d_mesg); };
log { source(s_local); filter(f_filter9); destination(d_mlop);
      destination(d_mlrt); };
#----------------------------------------------------------------------
# Remote logging
#----------------------------------------------------------------------
log { source(s_remote); destination(d_clients); };
##########################################
## NOT SURE IF I NEED THIS ##
##########################################
#----------------------------------------------------------------------
# Special catch all destination sorting by host
#----------------------------------------------------------------------
log { source(s_local); source(s_remote); destination(d_clients); };
Client:
Code:
#
# syslog-ng client configuration: some local logs, in addition to TCP
# logging to central loghost.
#
options
{
    sync(0);
    stats(0);
    chain_hostnames(no);
    create_dirs(yes);
    dir_perm(0755);
    dns_cache(yes);
    keep_hostname(yes);
    log_fifo_size(2048);
    long_hostnames(on);
    perm(0644);
    time_reopen(10);
    use_dns(yes);
};
source s_local { sun-streams ("/dev/log" door("/var/run/syslog_door")); internal(); };
#----------------------------------------------------------------------
# Standard Log file locations
#----------------------------------------------------------------------
destination d_cons { file("/dev/console"); };
destination d_mesg { file("/var/adm/messages"); };
destination d_mail { file("/var/log/syslog"); };
destination d_auth { file("/var/log/authlog"); };
destination d_mlop { usertty("operator"); };
destination d_mlrt { usertty("root"); };
destination d_mlal { usertty("*"); };
#----------------------------------------------------------------------
# Forward to a loghost server
#----------------------------------------------------------------------
destination d_loghostdr { tcp("loghostdr" port(514)); };
#----------------------------------------------------------------------
# Standard filters for the standard destinations.
#----------------------------------------------------------------------
filter f_filter1 { level(err) or
                   (level(notice) and facility(auth, kern)); };
filter f_filter2 { level(err) or
                   (facility(kern) and level(notice)) or
                   (facility(daemon) and level(notice)) or
                   (facility(mail) and level(crit)); };
filter f_filter3 { level(alert) or
                   (facility(kern) and level(err)) or
                   (facility(daemon) and level(err)); };
filter f_filter4 { level(alert); };
filter f_filter5 { level(emerg); };
filter f_filter6 { facility(kern) and level(notice); };
filter f_filter7 { facility(mail) and level(debug); };
filter f_filter8 { facility(user) and level(err); };
filter f_filter9 { facility(user) and level(alert); };
#----------------------------------------------------------------------
# Standard logging
#----------------------------------------------------------------------
log { source(s_local); filter(f_filter1); destination(d_cons); };
log { source(s_local); filter(f_filter2); destination(d_mesg); };
log { source(s_local); filter(f_filter3); destination(d_mlop); };
log { source(s_local); filter(f_filter4); destination(d_mlrt); };
log { source(s_local); filter(f_filter5); destination(d_mlal); };
log { source(s_local); filter(f_filter6); destination(d_auth); };
log { source(s_local); filter(f_filter7); destination(d_mail); };
log { source(s_local); filter(f_filter8); destination(d_cons);
      destination(d_mesg); };
log { source(s_local); filter(f_filter9); destination(d_mlop);
      destination(d_mlrt); };
#----------------------------------------------------------------------
# Send to a remote loghost
#----------------------------------------------------------------------
log { source(s_local); destination(d_loghostdr); };
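Added example (not part of the original post, and not the poster's configuration): a tightened variant of the server-side pieces above, showing the settings a central loghost operator would usually review. The listen address 192.0.2.10 and the group "adm" are placeholders, and the filter change assumes the filters are meant to behave like syslog.conf selectors such as *.err ("err and above").

```conf
# Constructed example: server-side syslog-ng fragment with tighter defaults.
# 192.0.2.10 and group "adm" are placeholders, not values from the post.

options {
    chain_hostnames(no);
    create_dirs(yes);
    use_dns(yes);
    dns_cache(yes);
    keep_hostname(no);    # $HOST comes from the sender's resolved address,
                          # not from the hostname field a client puts in the message
    check_hostname(yes);  # validate that hostnames contain only legal characters
    dir_perm(0750);       # was 0755: per-host directories not world-searchable
    perm(0640);           # was 0644: auth/kernel logs not world-readable
    group("adm");         # placeholder group allowed to read the logs
};

source s_local  { sun-streams("/dev/log" door("/var/run/syslog_door")); internal(); };

# tcp() with no arguments listens on every interface, port 514.
# Bind to the management address and bound the number of client connections.
source s_remote { tcp(ip("192.0.2.10") port(514) max-connections(100)); };

# $HOST becomes a directory name, so it must not be client-controlled
# (see keep_hostname above), otherwise one client can write into the
# directory of another host.
destination d_clients {
    file("/var/log/HOSTS/$HOST/$R_YEAR/$R_MONTH/$R_DAY/$FACILITY");
};

# level(err) matches only priority err. A syslog.conf selector like *.err
# means "err and higher", which in syslog-ng is written as a range.
filter f_filter1 { level(err..emerg) or
                   (level(notice..emerg) and facility(auth, kern)); };

# One log path per source. Listing s_remote in a second path that also
# ends in d_clients would write every remote message twice.
log { source(s_remote); destination(d_clients); };
log { source(s_local);  destination(d_clients); };
```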