Re: Assigning a log file per remote IP

From: Martin Schulze <joey_at_infodrom.org>
Date: Fri, 25 May 2007 20:21:01 +0200

Hi Pieter!

Pieter De Wit wrote:
> I am sorry if this was covered before, but the search function is not
> working so I can't check all the archives.

Uh? The search function is Google. It was down?

> I have a machine that I would like to run as a Syslog "server". I have
> changed the startup options to include -r and the devices are sending
> the log info to the server. I can see the info in my "all" log (in
> /etc/syslog.conf I have a line: *.* /var/log/all.log)
>
> Now - what I would like to do is have something like the following:
>
> All messages from 192.168.0.1 to go into /var/log/router.log
> All messages from 192.168.0.2 to go into /var/log/firewall.log
> All messages from 192.168.0.3 to go into /var/log/device.log
>
> etc etc etc
>
> Now everyone is saying that I must look at syslog-ng for this but I
> don't want to. There must be a way to get sysklogd to do this ? Yes ?

This is not possible per se with sysklogd.

If you can adjust the facility on your network devices you could
assign local1 to the router, local2 to the firewall, local3 to the
next etc. Then you can split log messages based on the facility.

If that's not possible, the proper way at the moment is to create a
named pipe (mknod) and configure syslogd so that it writes all
messages in question into the pipe. Hook a script to it that will
read the line and decide to copy each line into another file, based on
the hostname in the included message.

Regards,

        Joey

-- 
Linux - the choice of a GNU generation.
Received on Fri May 25 2007 - 20:21:01 CEST
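
The named-pipe approach from the reply above, sketched as an added example; it is not part of the original message or of sysklogd. It assumes syslogd writes `Mmm dd hh:mm:ss host message` lines into a FIFO and that the host field carries the addresses from the question. The FIFO path and the catch-all file are hypothetical. Because the host field comes off the network, it is only looked up in a fixed table and never used to build a file name.

```python
#!/usr/bin/env python3
"""Split syslogd output read from a named pipe into per-host files."""

# Assumed setup (paths are hypothetical):
#   mkfifo /var/run/syslog-split.fifo
#   syslog.conf:  *.*   |/var/run/syslog-split.fifo
FIFO = "/var/run/syslog-split.fifo"

# Fixed allowlist: the host field arrives over the network and is never
# turned into a path. Hosts and files are the ones from the question.
ROUTES = {
    "192.168.0.1": "/var/log/router.log",
    "192.168.0.2": "/var/log/firewall.log",
    "192.168.0.3": "/var/log/device.log",
}
DEFAULT = "/var/log/unmatched.log"  # hypothetical catch-all file


def host_of(line):
    """Return the host field of a 'Mmm dd hh:mm:ss host msg' line, or None."""
    fields = line.split(None, 4)
    return fields[3] if len(fields) >= 4 else None


def route(line, routes=ROUTES, default=DEFAULT):
    """Pick the destination file for one log line."""
    return routes.get(host_of(line), default)


def split_stream(stream, routes=ROUTES, default=DEFAULT):
    """Append each line from stream to its routed file; return per-file counts."""
    handles, counts = {}, {}
    try:
        for line in stream:
            path = route(line, routes, default)
            if path not in handles:
                handles[path] = open(path, "a", buffering=1)  # line buffered
            handles[path].write(line if line.endswith("\n") else line + "\n")
            counts[path] = counts.get(path, 0) + 1
    finally:
        for fh in handles.values():
            fh.close()
    return counts


if __name__ == "__main__":
    # open() blocks until syslogd opens the FIFO for writing
    with open(FIFO, errors="replace") as fifo:
        split_stream(fifo)
```

If syslogd records resolved names instead of addresses, the keys in `ROUTES` have to be those names.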
