
syslog-ng for Linux

Created by dave. Last edited by dave, 13 years and 171 days ago. Viewed 6,805 times. #2

Sample configuration for linux syslog-ng

# syslog-ng.conf
#
# 1002.10 David Mackintosh
#
# Generic Format: log ($SOURCE, [$FILTER, [$FILTER, [...]]] $DESTINATION)

# Note that you have to define your sources, filters, and destinations
# before you can use them.

# Program Options:

options {
        # use_fqdn(yes);
        # use_dns(yes);
        # dns_cache(yes);
        keep_hostname(yes);
        long_hostnames(off);
        sync(0);
        log_fifo_size(1024);
};

# Sources:

source all_src {
        file("/proc/kmsg" log_prefix("kernel: "));
        unix-stream("/dev/log");
        internal();
        udp(ip(0.0.0.0) port(514));
};

# Filters:
# Severities: I like filters set up this way as they simulate the effects of
# traditional syslog.conf format.
#
# filter f_notice { level(notice ... emerg); };
filter f_info   { level(info ... emerg); };
filter f_debug  { level(debug ... emerg); };

# If mail is going to a specific place, I like to keep it out of other places.

filter f_not_mail { not facility(mail); };
filter f_mail     { facility(mail); };

# Destinations:
# The leading "\n" character in the template is to work around
# a bug with netscreen syslogging.

destination messages { file("/var/log/messages" template("\n$ISODATE $HOST $MSG")); };
# destination syslog { file("/var/log/syslog"); };
destination maillog  { file("/var/log/maillog" template("\n$ISODATE $HOST $MSG")); };

# Magic per-host destinations:
# Magic per-host destination (good for central syslog hosts).
# Note that $HOST is the name of the system sending the update, NOT the
# originating system (ie in a scenario where one log concentrator sends
# logs on to another concentrator: if Host A sends to Host B, and host B
# sends on to host C, which has this type of destination, then $HOST is
# going to be B, even though the message originated on A.)

destination debug-per-host {
        file("/var/log/HOSTS/$HOST/debug.$YEAR-$MONTH-$DAY"
             owner(root) group(root) perm(0600) dir_perm(0700)
             template("\n$ISODATE $HOST $MSG") create_dirs(yes));
};

# Glue it all together:

log { source(all_src); filter(f_not_mail); filter(f_info); destination(messages); };
log { source(all_src); filter(f_mail);     filter(f_info); destination(maillog); };
log { source(all_src); filter(f_debug);    destination(debug-per-host); };
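As an added illustration (not code from this page and not part of syslog-ng), the following Python reads a raw BSD-syslog line as it would arrive on udp/514, decodes the PRI field into facility and severity, and pushes it through the same filters and log statements as the configuration above, so you can check which files a given message lands in. The hostname check before the per-host path and the sample lines are constructed for this example; the level-range and all-matching-paths semantics follow syslog-ng's.

```python
import re

# Facility and severity codes as in BSD syslog: PRI = facility * 8 + severity.
FACILITY = {0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth", 5: "syslog",
            6: "lpr", 7: "news", 8: "uucp", 9: "cron", 10: "authpriv", 11: "ftp"}
SEVERITY = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
LINE_RE = re.compile(r"^<(\d{1,3})>(\w{3} [ \d]\d \d\d:\d\d:\d\d) (\S+) (.*)$")
# With keep_hostname(yes), $HOST is whatever the message header says, and the
# debug-per-host destination turns it into a directory name; this check (added
# here, not syslog-ng's) accepts only plain hostname characters for that path.
SAFE_HOST = re.compile(r"^[A-Za-z0-9][A-Za-z0-9.-]{0,253}$")

def parse(line):
    # Split a raw BSD-syslog line into facility, severity, host and text.
    m = LINE_RE.match(line)
    if not m or int(m.group(1)) > 191:
        raise ValueError(f"not a syslog line: {line!r}")
    fac, sev = divmod(int(m.group(1)), 8)
    return {"facility": FACILITY.get(fac, f"facility{fac}"),
            "severity": SEVERITY[sev], "host": m.group(3), "msg": m.group(4)}

def level(low, high):
    # Mirror level(low ... high): an inclusive severity range, in either order.
    lo, hi = sorted((SEVERITY.index(low), SEVERITY.index(high)))
    return lambda msg: lo <= SEVERITY.index(msg["severity"]) <= hi

FILTERS = {"f_info": level("info", "emerg"), "f_debug": level("debug", "emerg"),
           "f_mail": lambda msg: msg["facility"] == "mail",
           "f_not_mail": lambda msg: msg["facility"] != "mail"}
# The three log {} statements from the configuration; a message goes to every
# destination whose filters all match, not only the first one.
LOG_PATHS = [(["f_not_mail", "f_info"], "/var/log/messages"),
             (["f_mail", "f_info"], "/var/log/maillog"),
             (["f_debug"], "/var/log/HOSTS/$HOST/debug.$YEAR-$MONTH-$DAY")]

def route(line, today):
    # Return the files a line is written to; today is an ISO date 'YYYY-MM-DD'.
    msg = parse(line)
    if not SAFE_HOST.match(msg["host"]):
        raise ValueError(f"refusing to build a path from host {msg['host']!r}")
    subst = {"$HOST": msg["host"], "$YEAR": today[:4],
             "$MONTH": today[5:7], "$DAY": today[8:10]}
    dests = []
    for names, dest in LOG_PATHS:
        if all(FILTERS[n](msg) for n in names):
            for macro, value in subst.items():
                dest = dest.replace(macro, value)
            dests.append(dest)
    return dests
```

A mail message at debug severity, for instance, reaches only the per-host debug file, because f_mail matches but f_info does not.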

Housekeeping

In cron:

# Compress and prune per-system syslogs (only files untouched for 7 days are
# compressed, so the files still being written to are left alone; the .gz
# pattern is anchored so that "gz" appearing elsewhere in a name does not match)
15 3 * * * for i in `find /var/log/HOSTS -type f -mtime +7 | sort | grep -v '\.gz$'` ; do gzip -9 "$i" ; done
10 3 * * * for i in `find /var/log/HOSTS -type f -mtime +28 | sort | grep '\.gz$'` ; do rm -f "$i" ; done

Getting

Syslog-ng for RHEL-5 is available from EPEL. (See the Linux/RedHat/Enterprise/5/Other Yum Repositories For RHEL-5 Family notes.)

snipsnap.org | Copyright 2000-2002 Matthias L. Jugel and Stephan J. Schmidt