Gentoo Forums
Question concerning logfiles
fosstux
Apprentice
Joined: 01 Oct 2002
Posts: 274
Location: Vienna, Austria

Posted: Tue Dec 14, 2004 7:36 pm    Post subject: Question concerning logfiles

Hi!

I'm using vixie cron and syslog-ng.

My question is the following: I'd like to set up separate log files for the servers I'm running. Those are:
- Postfix
- Courier-IMAP-SSL
- Authdaemond
- Saslauthd
- SSH

Please tell me how to set up the apps to log to the following paths:
- Postfix: /var/log/postfix
- Courier-IMAP-SSL: /var/log/courier
- Authdaemond: /var/log/auth
- Saslauthd: /var/log/sasl
- SSH: /var/log/ssh

Please help.

Thanks.
_________________
Windows = a 64 bit rewrite for a 32 bit extension to a 16 bit GUI on an
8 bit OS written for a 4 bit architecture by a 2 bit company who can't
stand 1 bit of competition.
anderiv
Tux's lil' helper
Joined: 29 Mar 2004
Posts: 79

Posted: Tue Dec 14, 2004 8:14 pm

This can be done very easily with syslog-ng. See the manual here.
speed_bump
Tux's lil' helper
Joined: 10 Jan 2004
Posts: 92
Location: Wisconsin, USA

Posted: Wed Dec 15, 2004 3:26 am

Here's an example syslog-ng.conf file that logs to the localhost. It should be reasonably clear as to how to alter this to do what you'd like (and a whole lot more if you're so inclined). In particular, note the filters for pop3 and imap which perform a string compare on the program name. You'll probably need to do that for some of the things you'd like to do.

Code:
options {
        long_hostnames(off);
        sync(0);

        # The default action of syslog-ng 1.6.0 is to log a STATS line
        # to the file every 10 minutes.  That's pretty ugly after a while.
        # Change it to every 12 hours so you get a nice daily update of
        # how many messages syslog-ng missed (0).
        stats(43200);
};

source src { unix-stream("/dev/log" max_connections(1000)); internal(); pipe("/proc/kmsg"); };


destination messages { file("/var/log/messages"); };

# By default messages are logged to tty12...
destination console_all { file("/dev/tty12"); };

# ...if you intend to use /dev/console for programs like xconsole
# you can comment out the destination line above that references /dev/tty12
# and uncomment the line below.

#destination console_all { file("/dev/console"); };

#
#Define standard syslog facilities

filter f_kern     { facility(kern);     };
filter f_user     { facility(user);     };
filter f_mail     { facility(mail);     };
filter f_daemon   { facility(daemon);   };
filter f_auth     { facility(auth);     };
# Renamed from f_syslog: that name is reused below for the catch-all filter.
filter f_fac_syslog { facility(syslog); };
filter f_lpr      { facility(lpr);      };
filter f_news     { facility(news);     };
filter f_uucp     { facility(uucp);     };
filter f_cron     { facility(cron);     };
filter f_authpriv { facility(authpriv); };
filter f_ftp      { facility(ftp);      };

filter f_local0 { facility(local0); };
filter f_local1 { facility(local1); };
filter f_local2 { facility(local2); };
filter f_local3 { facility(local3); };
filter f_local4 { facility(local4); };
filter f_local5 { facility(local5); };
filter f_local6 { facility(local6); };
filter f_local7 { facility(local7); };

#
#Define standard syslog priorities

filter f_debug  { level(debug);  };
filter f_info   { level(info);   };
filter f_notice { level(notice); };
filter f_warn   { level(warn);   };
filter f_err    { level(err);    };
filter f_crit   { level(crit);   };
filter f_alert  { level(alert);  };
filter f_emerg  { level(emerg);  };

#
# Remove the stuff we're specifically logging.
filter f_syslog { not facility(mail,kern,cron); };

#
#mail filters
destination mail_debug  { file("/var/log/mail.debug");  };
destination mail_info   { file("/var/log/mail.info");   };
destination mail_notice { file("/var/log/mail.notice"); };
destination mail_warn   { file("/var/log/mail.warn");   };
destination mail_error  { file("/var/log/mail.error");  };
destination mail_crit   { file("/var/log/mail.crit");   };
destination mail_alert  { file("/var/log/mail.alert");  };
destination mail_emerg  { file("/var/log/mail.emerg");  };
destination imap_log    { file("/var/log/imap.log");    };
destination mail_poplog { file("/var/log/poplog"); };


filter f_pop3d { program("pop3d"); };
filter f_imapd { program("imapd-ssl"); };
filter f_mta { facility(mail) and level(info) and not match("imapd-ssl") and not match("pop3d"); };

log { source(src); filter(f_mail); filter(f_debug);  destination(mail_debug);  };
log { source(src); filter(f_mta);                    destination(mail_info);   };
log { source(src); filter(f_mail); filter(f_notice); destination(mail_notice); };
log { source(src); filter(f_mail); filter(f_warn);   destination(mail_warn);   };
log { source(src); filter(f_mail); filter(f_err);    destination(mail_error);  };
log { source(src); filter(f_mail); filter(f_crit);   destination(mail_crit);   };
log { source(src); filter(f_mail); filter(f_alert);  destination(mail_alert);  };
log { source(src); filter(f_mail); filter(f_emerg);  destination(mail_emerg);  };
log { source(src); filter(f_imapd);                  destination(imap_log);    };
log { source(src); filter(f_pop3d); destination(mail_poplog); };

#
# Kernel log filters. iptables logs at kernel.warn
destination kernel_log { file("/var/log/kern.log"); };
log { source(src); filter(f_kern); destination(kernel_log); };

#
# Filter out the crond logs
destination cron_log { file("/var/log/cron"); };
log { source(src); filter(f_cron); destination(cron_log); };

# Logs of last resort
log { source(src); filter(f_syslog); destination(messages); };
log { source(src); destination(console_all); };
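An added example, not part of any post in this thread: one way to adapt the configuration above to the five paths requested in the first post. The program names other than imapd-ssl, the d_*/f_* object names, and the owner, group and permission settings are assumptions.

```conf
# Added example (not from the thread): one log file per service.
# Only "imapd-ssl" is taken from the posted config; the other program names
# are assumptions. Check the tag each daemon writes in /var/log/messages
# before relying on them.

source src { unix-stream("/dev/log"); internal(); };

# These logs carry usernames and client addresses, so restrict them to
# root and one group instead of leaving them world-readable.
destination d_postfix { file("/var/log/postfix" owner("root") group("root") perm(0640)); };
destination d_courier { file("/var/log/courier" owner("root") group("root") perm(0640)); };
destination d_authd   { file("/var/log/auth"    owner("root") group("root") perm(0640)); };
destination d_sasl    { file("/var/log/sasl"    owner("root") group("root") perm(0640)); };
destination d_ssh     { file("/var/log/ssh"     owner("root") group("root") perm(0640)); };

# program() is a regular-expression match on the program name, so
# "postfix" also matches postfix/smtpd, postfix/qmgr and so on.
filter f_postfix { program("postfix"); };
filter f_courier { program("imapd-ssl"); };
filter f_authd   { program("authdaemond"); };
filter f_sasl    { program("saslauthd"); };
filter f_ssh     { program("sshd"); };

# flags(final) stops processing once a message has matched, so it is not
# written again by later log statements (the mail.* files, messages, tty12).
# Put these statements before the others, or drop flags(final) to keep
# the additional copies.
log { source(src); filter(f_postfix); destination(d_postfix); flags(final); };
log { source(src); filter(f_courier); destination(d_courier); flags(final); };
log { source(src); filter(f_authd);   destination(d_authd);   flags(final); };
log { source(src); filter(f_sasl);    destination(d_sasl);    flags(final); };
log { source(src); filter(f_ssh);     destination(d_ssh);     flags(final); };
```

The program name is supplied by whatever process writes to /dev/log, so these files are sorted by claimed origin, not verified origin. When merging into the posted configuration, keep its existing source definition and omit the one shown here.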