BSD Help
#1  August 11th, 2004, 01:42 PM
cweise
creating a syslog server

I'm trying to create a centralized logging server with syslog. Ideally, I'd like to log each server to a separate directory; for example, server1's logs would be in /var/log/server1/whatever.log. I can't seem to figure out how to set up syslogd.conf to tell it "if it comes in from host X, log to file Y". I'm sure it's something simple.

#2  August 11th, 2004, 02:48 PM
stevengs
Aha, I've seen this one before...

try reading: http://forums.devshed.com/showthread.php?t=118652

-Steven

#3  August 11th, 2004, 03:59 PM
cweise
Hrm.. I've tried that to no avail. Does the hostname have to be an FQDN, or can it be something I put in my /etc/hosts file?

#4  August 11th, 2004, 05:25 PM
stevengs
I assume that the data is arriving at the server? Can you see the packets in the "all" log? If so, look and see if the individual packets contain the hostname (post the pertinent portion of the logfile here).

-Steven

#5  August 11th, 2004, 06:07 PM
cweise
Yep, it lands in /var/log/messages

Aug 11 13:56:41 rfwireless4 pop3vscan[18057]: Connection from 192.168.254.109:2812
Aug 11 13:56:41 rfwireless4 pop3vscan[18057]: Real-server adress is a.b.c.d:110
Aug 11 13:56:41 rfwireless4 pop3vscan[18057]: USER 'test@test.dom'
Aug 11 13:56:41 rfwireless4 pop3vscan[18057]: Session done (Clean Exit). Mails: 0 Bytes: 0

In my /etc/syslog.conf file after all the default syslog stuff I have:

+rfwireless4
*.* /var/log/rfwireless4/messages.log

I've created the /var/log/rfwireless4 dir and touched the messages.log file in that dir before sending a HUP to syslogd. I've replaced the IP in the log with a.b.c.d, but it actually shows the IP. Not that it's terribly relevant, which is why I left it out.

#6  August 12th, 2004, 10:03 AM
stevengs
How about the syslogd switches? Did you make sure the correct ones are used? (post the ps output):

ps -ax | grep syslogd

from the manpage:

Code:
 -a allowed_peer
             Allow allowed_peer to log to this syslogd using UDP datagrams.
             Multiple -a options may be specified.

             Allowed_peer can be any of the following:

             ipaddr/masklen[:service]    Accept datagrams from ipaddr (in the
                                         usual dotted quad notation) with
                                         masklen bits being taken into account
                                         when doing the address comparison.
                                         ipaddr can be also IPv6 address by
                                         enclosing the address with `[' and
                                         `]'.  If specified, service is the
                                         name or number of an UDP service (see
                                         services(5)) the source packet must
                                         belong to.  A service of `*' allows
                                         packets being sent from any UDP port.
                                         The default service is `syslog'.  If
                                         ipaddr is IPv4 address, a missing
                                         masklen will be substituted by the
                                         historic class A or class B netmasks
                                         if ipaddr belongs into the address
                                         range of class A or B, respectively,
                                         or by 24 otherwise.  If ipaddr is
                                         IPv6 address, a missing masklen will
                                         be substituted by 128.

             domainname[:service]        Accept datagrams where the reverse
                                         address lookup yields domainname for
                                         the sender address.  The meaning of
                                         service is as explained above.

             *domainname[:service]       Same as before, except that any
                                         source host whose name ends in
                                         domainname will get permission.



Make sure secure mode is off (the -s switch blocks incoming remote logs).

-Steven

#7  August 12th, 2004, 11:22 AM
cweise
ps waux | grep syslogd | grep -v grep
root 53637 0.0 0.1 1016 644 ?? Ss 4:13PM 0:01.32 /usr/sbin/syslogd -a 192.168.100.1/255.255.255.255

#8  August 12th, 2004, 11:38 AM
stevengs
OK, what does the rest of your syslog.conf look like? Do you have any open program blocks before the remote host?

-Steven

#9  August 12th, 2004, 11:55 AM
cweise
# $FreeBSD: src/etc/syslog.conf,v 1.13.2.3 2002/04/15 00:44:13 dougb Exp $
#
# Spaces ARE valid field separators in this file. However,
# other *nix-like systems still insist on using tabs as field
# separators. If you are sharing this file between systems, you
# may want to use only tabs as field separators here.
# Consult the syslog.conf(5) manpage.
*.err;kern.debug;auth.notice;mail.crit /dev/console
*.notice;kern.debug;lpr.info;mail.crit;news.err /var/log/messages
security.* /var/log/security
auth.info;authpriv.info /var/log/auth.log
mail.info /var/log/maillog
lpr.info /var/log/lpd-errs
cron.* /var/log/cron
*.emerg *
# uncomment this to log all writes to /dev/console to /var/log/console.log
#console.info /var/log/console.log
# uncomment this to enable logging of all log messages to /var/log/all.log
# touch /var/log/all.log and chmod it to mode 600 before it will work
#*.* /var/log/all.log
# uncomment this to enable logging to a remote loghost named loghost
#*.* @loghost
# uncomment these if you're running inn
# news.crit /var/log/news/news.crit
# news.err /var/log/news/news.err
# news.notice /var/log/news/news.notice
!startslip
*.* /var/log/slip.log
!ppp
*.* /var/log/ppp.log

+rfwireless4
*.* /var/log/rfwireless4/messages.log

#10  August 12th, 2004, 02:04 PM
stevengs

From my understanding of the manpage, those program blocks cascade.

Code:
     Each block of lines is separated from the previous block by a program or
     hostname specification.  A block will only log messages corresponding to
     the most recent program and hostname specifications given.  Thus, with a
     block which selects `ppp' as the program, directly followed by a block
     that selects messages from the hostname `dialhost', the second block will
     only log messages from the ppp(8) program on dialhost.

     A program specification is a line beginning with `#!prog' or `!prog' (the
     former is for compatibility with the previous syslogd, if one is sharing
     syslog.conf files, for example) and the following blocks will be associ-
     ated with calls to syslog(3) from that specific program.  A program spec-
     ification for `foo' will also match any message logged by the kernel with
     the prefix `foo: '.  The `#!+prog' or `!+prog' specification works just
     like the previous one, and the `#!-prog' or `!-prog' specification will
     match any message but the ones from that program.  Multiple programs may
     be listed, separated by commas: `!prog1,prog2' matches messages from
     either program, while `!-prog1,prog2' matches all messages but those from
     `prog1' or `prog2'.

     A hostname specification of the form `#+hostname' or `+hostname' means
     the following blocks will be applied to messages received from the speci-
     fied hostname.  Alternatively, the hostname specification `#-hostname' or
     `-hostname' causes the following blocks to be applied to messages from
     any host but the one specified.  If the hostname is given as `@', the
     local hostname will be used.  As for program specifications, multiple
     comma-seprarated values may be specified for hostname specifications.

     A program or hostname specification may be reset by giving the program
     or hostname as `*'.




-Steven

#11  June 9th, 2006, 07:10 AM
anithh
Syslog configuration

Hi,

I have a requirement to set up a syslog server with the following feature. It should log all the messages received via UDP from syslog daemons on other hosts to a local file. The messages generated by the server itself should not be logged.

If someone could let me know the syslog.conf settings for this, it will be very helpful.

Thanks in advance.

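The block cascading quoted from the manpage in #10, and the `-hostname` / `@` forms that answer #11, as a small Python model. This is an added illustration, not syslogd's own code: selectors are simplified to `facility.level` items with `*` wildcards, and THREAD_CONF is a constructed copy of the syslog.conf posted in #9 trimmed to one default rule.

```python
LEVELS = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]

def _spec(value):
    # 'prog', '-prog', '+host', '-host', 'a,b' -> (negate, names); '*' resets
    names = value.lstrip("+-")
    return None if names == "*" else (value.startswith("-"), set(names.split(",")))

def parse_conf(text):
    # Returns [(program_spec, host_spec, selector, target)]; a spec stays in
    # force for every following action line until it is reset or replaced.
    rules, prog, host = [], None, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("!"):             # program block: '!prog', '!-prog', '!*'
            prog = _spec(line[1:])
        elif line[0] in "+-":                # hostname block: '+host', '-host', '+*'
            host = _spec(line)
        else:
            selector, target = line.split(None, 1)
            rules.append((prog, host, selector, target))
    return rules

def _spec_ok(spec, name, local):
    if spec is None:
        return True
    negate, names = spec
    names = {local if n == "@" else n for n in names}   # '@' means the local host
    return (name not in names) if negate else (name in names)

def _sel_ok(selector, facility, level):
    # simplified: 'fac.level' items, '*' wildcards, level means "this or higher"
    for item in selector.split(";"):
        fac, lvl = item.split(".")
        if fac in ("*", facility) and (lvl == "*" or LEVELS.index(level) >= LEVELS.index(lvl)):
            return True
    return False

def targets(rules, host, program, facility, level, local="loghost"):
    # Files a message from (host, program) at facility.level would be written to.
    return [t for p, h, sel, t in rules if _spec_ok(p, program, local)
            and _spec_ok(h, host, local) and _sel_ok(sel, facility, level)]

# Constructed from the syslog.conf posted in #9, default rules trimmed to one.
THREAD_CONF = """\
*.notice;kern.debug;lpr.info;mail.crit;news.err /var/log/messages
!startslip
*.* /var/log/slip.log
!ppp
*.* /var/log/ppp.log
+rfwireless4
*.* /var/log/rfwireless4/messages.log
"""
FIXED_CONF = THREAD_CONF.replace("+rfwireless4", "!*\n+rfwireless4")  # reset prog first
```

With THREAD_CONF a pop3vscan message from rfwireless4 only reaches /var/log/messages, because the open `!ppp` block still applies to the `+rfwireless4` block; with FIXED_CONF it also reaches the per-host file, and a config starting with `-@` (any host but the local one) gives #11's remote-only file.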
© 2003-2008 by Developer Shed. All rights reserved. DS Cluster 4 hosted by Hostway