Syslog Server - splitting log info from client machines
Giorgos Keramidas
keramida at ceid.upatras.gr
Thu Oct 21 09:53:18 PDT 2004
On 2004-10-21 18:29, Odhiambo Washington <wash at wananchi.com> wrote:
>
> A quick question:
>
> On the client machine, I have:
>
> *.* @loghost
>
> Then on loghost, I want to split logs coming from the client machine
> into different files. I want separate log file for imapd, pop3d, etc.
>
> How do I do this with stock syslogd?
Look at the `+hostname' specification in syslog.conf(5). You can use
something like this:
+host1
*.* /var/log/remote/host1/messages
+host2
*.* /var/log/remote/host2/messages
in your `syslog.conf' file.
Please note that adding this to the end of the syslog.conf file will
not inhibit logging of the same messages to /var/log/messages or any
other matches found earlier. Thus, this syslog.conf file:
*.* /var/log/messages
+foo
*.* /var/log/remote/foo/messages
Will log the messages from host `foo' both in /var/log/messages *AND*
/var/log/remote/foo/messages.
To make syslogd log the messages from host `foo' only in
/var/log/remote/foo/messages you'd have to use something like this:
-foo
*.* /var/log/messages
+foo
*.* /var/log/remote/foo/messages
Multiple hosts can be specified like this:
-foo,bar
*.* /var/log/messages
+foo
*.* /var/log/remote/foo/messages
+bar
*.* /var/log/remote/bar/messages
Regards,
Giorgos
More information about the freebsd-questions
mailing list