sysklogd dumps *all* syslog messages to /var/log/messages

[ryouga42]

I'm using sysklogd after deciding that it was the easiest to set up for network logging. (If someone wants to suggest something like syslog-ng, I'm all ears, I'd just like help configuring such.

Basically, the entire network infrastructure is set up to syslog to this server. Quite a bit of traffic. I'd like to keep the behavior that sends all syslog messages to /var/log/syslog - I've trained my shop on how to use this through Webmin (so much better than Remote Desktop. Ugh) but I'd like to keep the messages from remote systems separate from the messages generated by the local system.

Is this possible to do with sysklogd, do I need to switch to syslog-ng or metalog or such, and how do I configure it/them to do this?

Thanks.

[hecatomb]

I've read some manuals about syslog now but can't find anything about separating the logs according to hosts. May be I'm to dumb?
But syslog-ng can!! Just one example: http://www.campin.net/newlogcheck.html
google can give you much more!

[ryouga42]

Yeah, I broke down and installed syslog-ng after a bit of running in circles. I didn't really need it broken down by host but it's kind of an added perk.

Except now I can't view it with Webmin anymore - not natively anyway. I have it set up as a dirty hack to use the old syslog.conf and view /var/log/cisco/*.log - but there has to be a better way to do it.

I couldn't find a syslog-ng module for Webmin. Is there some other clean way to view logs over a web interface?

[hecatomb]

Yes, there exists a really nice way to manage the syslogs using a webinterface.
Redirect all syslog messages into a mysql database: http://vermeer.org/display_doc.php?doc_id=1
And view it using a php interface: http://vermeer.org/display_project.php?project=php-syslog-ng

[ryouga42]

After reading the first website you gave me, I was considering the merits of logging to an SQL server.

But I really like this. Thanks a lot!