Hi,
I know most distros ship with such a syslog setup by default but honestly
I think such a setup is a joke in 2013.
E.g.:
> # Save news errors of level crit and higher in a special file.
> uucp,news.crit /var/log/spooler
News errors?? Maybe 20 years ago this was of some use, or I'm missing
something.
On the other hand nxlog can be used to replace the default syslog and can
be even configured to have the exact same file destination.
The im_kernel and the im_uds modules are there to read the logs, it's
just a matter of setting up the filtering rules and store the log in
files.
Here is a simple config that you can use as a start (or as is):
<Input syslog>
Module im_uds
Uds /var/run/nxlog/devlog
Exec parse_syslog_bsd();
FlowControl FALSE
</Input>
<Input internal>
Module im_internal
</Input>
<Input kernel>
Module im_kernel
Exec parse_syslog_bsd();
</Input>
<Output localfile>
Module om_file
File '/var/log/nxlog/syslog'
OutputType LineBased
Truncate FALSE
Exec if $raw_event =~ s/(\s+)$// {}
<Schedule>
Every 1 hour
Exec if (file_exists("/var/log/nxlog/syslog") and
(file_size("/var/log/nxlog/syslog") >= 5M)) { file_cycle("/var/log/nxlog/syslo
g", 8); reopen(); }
</Schedule>
</Output>
<Route 66>
Path syslog, internal, kernel => sslout, localfile
</Route>
Regards,
Botond
On Sat, 5 Oct 2013 11:52:02 -0700
"Paul Fontenot" <ssdv6...@gmail.com> wrote:
> Is nxlog a viable replacement for syslog? I've been looking over the docs
> and searching Google, though I freely admit my Google Fu is lacking, and
> I've not found any example of how to replace the log file structure of a
> syslog server. Meaning, I've not found - nor figured out - how to replicate
> a normal syslog server in nxlog. If anyone done this or can shed a little
> light on it I would greatly appreciate the help.
>
> # Log all kernel messages to the console.
> # Logging much else clutters up the screen.
> #kern.* /dev/console
>
> # Log anything (except mail) of level info or higher.
> # Don't log private authentication messages!
> *.info;mail.none;authpriv.none;cron.none /var/log/messages
>
> # The authpriv file has restricted access.
> authpriv.* /var/log/secure
>
> # Log all the mail messages in one place.
> mail.* -/var/log/maillog
>
> # Log cron stuff
> cron.* /var/log/cron
>
> # Everybody gets emergency messages
> *.emerg *
>
> # Save news errors of level crit and higher in a special file.
> uucp,news.crit /var/log/spooler
>
> # Save boot messages also to boot.log
> local7.* /var/log/boot.log
>
>
> ------------------------------------------------------------------------------
> October Webinars: Code for Performance
> Free Intel webinars can help you accelerate application performance.
> Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from
> the latest Intel processors and coprocessors. See abstracts and register >
> http://pubads.g.doubleclick.net/gampad/clk?id=60134791&iu=/4140/ostg.clktrk
> _______________________________________________
> nxlog-ce-users mailing list
> nxlog-ce-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nxlog-ce-users
------------------------------------------------------------------------------
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60134791&iu=/4140/ostg.clktrk
_______________________________________________
nxlog-ce-users mailing list
nxlog-ce-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nxlog-ce-users
