Gregory K. Ruiz-Ade wrote:
On May 2, 2007, at 4:54 PM, Michael O'Keefe wrote:

You can use regular expressions with syslog-ng to decide where the
information goes, including where the log came from if you're using a
central logging server.

We use this to great effect on our central logging server. With it, you
can do things like have all your imap logs go to one file, while postfix
goes to another file, and postfix from the incoming gateway goes to yet
another file.

Use matching filters based on priority, facility, program name, regexp
in the log message itself, regexp on host names or IP addresses, etc.

Additionally useful is the ability to send to multiple diverse targets,
such as mysql and postgresql databases, other syslog servers (UDP),
other syslog-ng servers (TCP or UDP), and so on.

Syslog-ng is extremely flexible in ways that are very useful for
environments where you need to keep track of things. We dump everything
into a mysql database and use phpsyslog-ng (I think) as a web front-end
for doing searches on the logs.
(http://www.vermeer.org/projects/php-syslog-ng)

Gregory

I've been wanting to use syslog-ng for some time. But I have yet to find
a clearly explained basic config file for it. Every tutorial I've seen
has a completely different starting point with any explanation
apparently aimed at people who already know how to use it.

For instance, I'd like logs from some of my home computers to go to my file
server where they'll be distributed to different log files (rather than
just all to syslog) on the server.

Like my backup server and firewall both send me emails every day. I'd
much rather they went to syslog-ng on the file server where they'll be
sorted out into separate log files.

I'm afraid reading any explanations I've found so far of syslog-ng's
rules is a good demonstration of why I'm not a system admin.

--
Best Regards,
~DJA.
--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
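
A small central-server syslog-ng configuration covering the routing described
in this thread (firewall and backup hosts to their own files, imap and postfix
split, gateway postfix separate), as an added example that is not part of the
original messages or any poster's own config. The 192.0.2.x addresses, the
host name mailgw, the file paths and the @version value are assumptions to be
replaced with local values.

```conf
# Added example; addresses, host names and paths are assumptions.
@version: 3.38   # assumption: set to the installed syslog-ng version

options {
    create_dirs(yes);     # create missing log directories
    keep_hostname(no);    # use the sender as seen by this server, not the
                          # host name claimed inside the message
};

# Messages generated on the file server itself.
source s_local { system(); internal(); };

# Messages from other machines. Plain UDP/TCP syslog is unauthenticated and
# unencrypted: bind to the LAN address only and firewall port 514.
source s_net {
    udp(ip("192.0.2.10") port(514));
    tcp(ip("192.0.2.10") port(514));
};

# Filters: by sender address, by program name, by host name.
filter f_firewall { netmask("192.0.2.1/32"); };
filter f_backup   { netmask("192.0.2.20/32"); };
filter f_postfix  { program("^postfix"); };
filter f_imap     { program("imapd"); };
filter f_gateway  { host("^mailgw$"); };

destination d_firewall   { file("/var/log/remote/firewall.log"); };
destination d_backup     { file("/var/log/remote/backup.log"); };
destination d_imap       { file("/var/log/mail/imap.log"); };
destination d_postfix    { file("/var/log/mail/postfix.log"); };
destination d_postfix_gw { file("/var/log/mail/postfix-gateway.log"); };
destination d_catchall   { file("/var/log/remote/$HOST.log"); };
destination d_local      { file("/var/log/messages"); };

# Several filters in one log statement must all match. flags(final) stops
# further processing, so each message ends up in exactly one file.
log { source(s_net); filter(f_firewall); destination(d_firewall); flags(final); };
log { source(s_net); filter(f_backup); destination(d_backup); flags(final); };
log { source(s_net); filter(f_gateway); filter(f_postfix); destination(d_postfix_gw); flags(final); };
log { source(s_net); source(s_local); filter(f_postfix); destination(d_postfix); flags(final); };
log { source(s_net); source(s_local); filter(f_imap); destination(d_imap); flags(final); };
log { source(s_net); destination(d_catchall); };    # any other remote message
log { source(s_local); destination(d_local); };     # any other local message
```

Each sending machine only needs to forward to the server, for example with a
classic syslogd line such as `*.* @192.0.2.10` (UDP) in its syslog.conf.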