syslog.conf 1

[lumberg]

Hi all

My boss wants a centralized syslogging machine. He has chosen to use an NT box running some freeware called kiwi sysgen. I havent been able to find much doc on the software.

What do I need to do in syslog.conf to direct messages to this new machine as well as display them and log them on the host machine ( OS 2.8 )

Many thanks in advance for your help

Dennis

 

[lfoata]

Here is a syslog.conf file that does what you want.
Don't forget to add a host in your DNS called logmaster or something like that.
You may want to add or remove stuff depending of what you want to monitor.
By the way, Solaris comes with the functionnality of centralised syslog if you wish to use it. (nothing to do) and you use `swatch` to monitor the logs.


local7.* /var/log/vpn
*.err;kern.notice;auth.notice;user.none /dev/sysmsg
*.err;kern.debug;mail.crit;user.none /var/adm/messages
lpr.debug /var/adm/lpd-errs

# You may want to add operator to the following if your operator
# is a traditional Unix style operator.
*.alert;kern.err;daemon.err root

*.emerg;user.none *

# for loghost machines, to have authentication messages (su, login, etc.)
# logged to a file, un-comment out the following line and adjust the file name
# as appropriate.
#
auth.notice /var/log/authlog
auth.notice /var/log/syslog
daemon.info /var/log/syslog
mail.debug /var/log/syslog
kern.debug /var/log/syslog
user.alert /var/log/syslog

#
# non-loghost machines will use the following lines to cause "user"
# log messages to be logged locally.
#
user.err /dev/sysmsg
user.err /var/adm/messages
user.err /var/log/syslog
user.alert /var/log/syslog

# Send most everything to the LogMaster
*.emerg;*.alert;*.crit;*.err;*.warning;*.notice;*.info;mail.none @logmaster
kern.debug;mail.crit;mail.err @logmaster
Too bad I.T. is not cash business

Luc Foata
Unix sysadmin, Oracle DBA

 

[lfoata]

Here is a syslog.conf file that does what you want.
Don't forget to add a host in your DNS called logmaster or something like that.
You may want to add or remove stuff depending of what you want to monitor.
By the way, Solaris comes with the functionnality of centralised syslog if you wish to use it. (nothing to do) and you use `swatch` to monitor the logs.


local7.* /var/log/vpn
*.err;kern.notice;auth.notice;user.none /dev/sysmsg
*.err;kern.debug;mail.crit;user.none /var/adm/messages
lpr.debug /var/adm/lpd-errs

# You may want to add operator to the following if your operator
# is a traditional Unix style operator.
*.alert;kern.err;daemon.err root

*.emerg;user.none *

# for loghost machines, to have authentication messages (su, login, etc.)
# logged to a file, un-comment out the following line and adjust the file name
# as appropriate.
#
auth.notice /var/log/authlog
auth.notice /var/log/syslog
daemon.info /var/log/syslog
mail.debug /var/log/syslog
kern.debug /var/log/syslog
user.alert /var/log/syslog

#
# non-loghost machines will use the following lines to cause "user"
# log messages to be logged locally.
#
user.err /dev/sysmsg
user.err /var/adm/messages
user.err /var/log/syslog
user.alert /var/log/syslog

# Send most everything to the LogMaster
*.emerg;*.alert;*.crit;*.err;*.warning;*.notice;*.info;mail.none @logmaster
kern.debug;mail.crit;mail.err @logmaster

Too bad I.T. is not cash business

Luc Foata
Unix sysadmin, Oracle DBA

 

[lumberg]

Thank you.... thats exactly what I needed

dennis