Hello Kevin, Others may have additional tips for you, but I have been working on this exact task myself and have found a few docs to be helpful. What I did was first setup my boxes to use syslog-ng (you can also do it with stock syslog, but syslog-ng is easier to use and more flexible, I find, and is becoming the standard). Then you create a destination for your Zenoss server in the conf, and setup filters to send various log entries to it. Restart syslog-ng, make sure your listening ports are right (see next link) and you are in business.
There is a pretty comprehensive guide here: http://www.zenoss.com/community/wiki/syslog-overview/ General info on syslog-ng, with remote forwarding: http://sial.org/howto/logging/syslog-ng/ Once you have this setup according to the guide, you should be receiving the log entries at your Zenoss instance that you put in your log conf. They become events, like any other. You can then setup classes, mappings, filter via regex, etc. On the last point (which you said you wanted to do), I am not quite there yet, so I cannot give you details, but I know it is possible with the default functionality. Good luck! -Sam -------------------- m2f -------------------- Read this topic online here: http://community.zenoss.com/forums/viewtopic.php?p=12448#12448 -------------------- m2f -------------------- _______________________________________________ zenoss-users mailing list [email protected] http://lists.zenoss.org/mailman/listinfo/zenoss-users
