Hi, I know most distros ship with such a syslog setup by default but honestly I think such a setup is a joke in 2013. E.g.: > # Save news errors of level crit and higher in a special file. > uucp,news.crit /var/log/spooler News errors?? Maybe 20 years ago this was of some use, or I'm missing something.
On the other hand nxlog can be used to replace the default syslog and can be even configured to have the exact same file destination. The im_kernel and the im_uds modules are there to read the logs, it's just a matter of setting up the filtering rules and store the log in files. Here is a simple config that you can use as a start (or as is): <Input syslog> Module im_uds Uds /var/run/nxlog/devlog Exec parse_syslog_bsd(); FlowControl FALSE </Input> <Input internal> Module im_internal </Input> <Input kernel> Module im_kernel Exec parse_syslog_bsd(); </Input> <Output localfile> Module om_file File '/var/log/nxlog/syslog' OutputType LineBased Truncate FALSE Exec if $raw_event =~ s/(\s+)$// {} <Schedule> Every 1 hour Exec if (file_exists("/var/log/nxlog/syslog") and (file_size("/var/log/nxlog/syslog") >= 5M)) { file_cycle("/var/log/nxlog/syslo g", 8); reopen(); } </Schedule> </Output> <Route 66> Path syslog, internal, kernel => sslout, localfile </Route> Regards, Botond On Sat, 5 Oct 2013 11:52:02 -0700 "Paul Fontenot" <ssdv6...@gmail.com> wrote: > Is nxlog a viable replacement for syslog? I've been looking over the docs > and searching Google, though I freely admit my Google Fu is lacking, and > I've not found any example of how to replace the log file structure of a > syslog server. Meaning, I've not found - nor figured out - how to replicate > a normal syslog server in nxlog. If anyone done this or can shed a little > light on it I would greatly appreciate the help. > > # Log all kernel messages to the console. > # Logging much else clutters up the screen. > #kern.* /dev/console > > # Log anything (except mail) of level info or higher. > # Don't log private authentication messages! > *.info;mail.none;authpriv.none;cron.none /var/log/messages > > # The authpriv file has restricted access. > authpriv.* /var/log/secure > > # Log all the mail messages in one place. > mail.* -/var/log/maillog > > # Log cron stuff > cron.* /var/log/cron > > # Everybody gets emergency messages > *.emerg * > > # Save news errors of level crit and higher in a special file. > uucp,news.crit /var/log/spooler > > # Save boot messages also to boot.log > local7.* /var/log/boot.log > > > ------------------------------------------------------------------------------ > October Webinars: Code for Performance > Free Intel webinars can help you accelerate application performance. > Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from > the latest Intel processors and coprocessors. See abstracts and register > > http://pubads.g.doubleclick.net/gampad/clk?id=60134791&iu=/4140/ostg.clktrk > _______________________________________________ > nxlog-ce-users mailing list > nxlog-ce-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/nxlog-ce-users ------------------------------------------------------------------------------ October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register > http://pubads.g.doubleclick.net/gampad/clk?id=60134791&iu=/4140/ostg.clktrk _______________________________________________ nxlog-ce-users mailing list nxlog-ce-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nxlog-ce-users