Sponsored Links
We are running a log server (syslog-ng). We are receiving the logs from our hardware devices on port 514. The problem is the logs were writing into "/var/log/messages". How can we write this log to a separate dedicated file. Also forwarding this log to an another log server? Its better to have a centralized log server which collects logs from all of the other ssytems. So if even one system fails we get the information from the central log server.We will see how:
in a syslog-ng-2.1.4-9.el5 server, listening on port 514
Open the syslog-ng configuration file for editing:
[root@logs ~]# vim /etc/syslog-ng/syslog-ng.conf
#Declaring the input
source s_sys {
udp(ip(0.0.0.0) port(514));
};
#Declaring the destination file
destination d_custom { file("/var/log/devicemessages"); };
#Writing the rule to forward the input to file
log { source(s_sys); filter(f_default); destination(d_custom); };
#For forwarding this log to a different log server
destination graylog2 { udp("xxx.xxx.xxx.xxx" port(514)); };
log {
source(s_sys);
destination(graylog2);
};
Best Reads:
1. Logging and Log Management: The Authoritative Guide to Understanding the Concepts Surrounding Logging and Log Management
Sponsored Links
No comments:
Post a Comment
Be nice. That's all.