> I thought it was as easy as setting the hostname > "loghost" to point to the right machine. If you look > at /etc/hosts, you should see the local host defined > as "loghost". But then again, it's been many years > since I've needed to do this.
The default syslog.conf does use loghost; and according to syslog.conf(4), if loghost exists and has the same IP as one of the system's interfaces, it defines the m4 constant LOGHOST, allowing conditional expressions depending on whether one is on the loghost or not. AFAIK, the problems with the vanilla syslogd for remote logging are that it doesn't offer enough control to separate out what came from where (as the loghost), and (as either) it only uses UDP, which means it can't handle a whole lot of clients without dropping packets. An alternate implementation, syslog-ng (not included with Solaris AFAIK) addresses those problems. However, the transition wouldn't be painless - I think the configuration file format is incompatible, the default configuration is very different, the logged message format may differ some, and I'm not sure how well it integrates with Solaris. There used to be some problems getting it to work on Solaris, but I gather most of those have been taken care of, give or take the differences in configuration and output. In other words, I haven't tried to set it up myself, although I've seen a few systems where someone did. There had been some questions once about whether syslog-ng would be integrated into Solaris eventually; I don't know that they ever reached a conclusion. This message posted from opensolaris.org _______________________________________________ opensolaris-discuss mailing list [email protected]
