Writing logs from the port to a custom file in syslog-ng

Advertisements

We are running a log server (syslog-ng). We are receiving the logs from our hardware devices on port 514. The problem is the logs were writing into "/var/log/messages". How can we write this log to a separate dedicated file. Also forwarding this log to an another log server? Its better to have a centralized log server which collects logs from all of the other ssytems. So if even one system fails we get the information from the central log server.

We will see how:
 in a syslog-ng-2.1.4-9.el5 server, listening on port 514

Open the syslog-ng configuration file for editing:
[root@logs ~]# vim /etc/syslog-ng/syslog-ng.conf

#Declaring the input
source s_sys {
        udp(ip(0.0.0.0) port(514));
};


#Declaring the destination file
destination d_custom { file("/var/log/devicemessages"); };


#Writing the rule to forward the input to file  
log { source(s_sys); filter(f_default); destination(d_custom); };


#For forwarding this log to a different log server
destination graylog2 { udp("xxx.xxx.xxx.xxx" port(514)); };
log {
        source(s_sys);
        destination(graylog2);
};
Best Reads:
1.  Logging and Log Management: The Authoritative Guide to Understanding the Concepts Surrounding Logging and Log Management