Solved

syslog customization

Posted on 2010-11-30
Last Modified: 2012-08-13
I am trying to customize a syslog server and would like to know if it's possible to have a dedicated logfile per device. Let's say facility local7 is reserved for network devices; how can I split this up per device without switching to another facility (sticking with local7 for all devices)?
7 Comments
 
LVL 34

Expert Comment

by:Duncan Roe
ID: 34242944
local7 is local7. You can't split it further, not with standard syslog facilities anyway.
 

Author Comment

by:shadow2007
ID: 34248627
What about with rules? (Using syslogd 1.4.1 with CentOS 5.)
 
LVL 34

Expert Comment

by:Duncan Roe
ID: 34252507
Not with syslogd rules, no. You would have to re-build the entire logging system to introduce more categories.

 

Author Comment

by:shadow2007
ID: 34266550
 
LVL 34

Expert Comment

by:Duncan Roe
ID: 34272513
This is an article about how to configure a network syslogd server to store entries from multiple systems. You can store entries from different systems into different directories if you want.
I don't think it helps with your requirements. You can't run multiple syslogd servers on your system pretending to be on different systems - is that what you had in mind?
 

Author Comment

by:shadow2007
ID: 34285032
My requirement: store entries from different systems into different files.
Can this be done? If so, how?
 
LVL 34

Accepted Solution

by: Duncan Roe (earned 500 total points)
ID: 34287657
If by store entries from different systems you mean different computer systems, then rsyslog is what you want, as per your penultimate post. But that's not what you asked in the Q, so I'll go back to your original question.
You have all devices logging to local7. You have configured syslog so that there is a dedicated log file for all messages in category local7, any priority. Let's say this file is /var/log/local7
If you look at this log file, can you tell which device each message came from?
I'm going to assume you can.
Can you write a grep command which will filter out all and only the lines of interest for a particular device? I'm going to assume you can do that as well. Btw, if you are generating these messages, you can fix them yourself to make the task easier if need be.
Given the above, now run the required number of scripts of the form:

tail --follow=name /var/log/local7 | grep --line-buffered your_grep_expression_for_device > device/log

The output file naming is up to you - I gave an example of a separate directory per device.
We do something like this at work for a system that generates masses of log entries when in debug mode - syslog is configured to limit the files to a couple of MB and we run logrotate every minute. The tail argument --follow=name means tail keeps reading the latest file (see man tail), but the output log file itself doesn't rotate well because the script doesn't ever close it.
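The accepted solution above runs one tail|grep pipeline per device. The script below is an added example, not code posted by Duncan Roe or shadow2007, that does the same split with a single reader: it parses the host field of each local7 line and appends the line to a per-device file. It assumes (hypothetically, since the thread never shows a log line) the classic BSD layout that sysklogd 1.4.1 writes for remote messages, "Mon DD HH:MM:SS HOST rest-of-message", and it treats HOST as untrusted, because that field is whatever the sending device put in the packet (RFC 3164 HOSTNAME). The function names `split_syslog_by_host`, `sample_lines` and `count_lines` and the sample messages are all constructed for this example.

```shell
#!/bin/sh
# Added example, not code from the thread. Splits a single-facility syslog
# file (e.g. /var/log/local7) into one file per sending device, using one
# awk reader instead of one tail|grep pipeline per device.
#
# Assumptions (hypothetical, not stated in the thread):
#  - Lines use the BSD layout sysklogd 1.4.1 writes for remote messages:
#    "Mon DD HH:MM:SS HOST rest-of-message".
#  - The HOST field is supplied by the sending device (RFC 3164 HOSTNAME),
#    so a hostile or misconfigured device controls it.

# split_syslog_by_host OUTDIR
# Reads syslog lines on stdin and appends each to OUTDIR/<host>.log.
# Lines whose host field is not a plain hostname go to OUTDIR/_rejected.log
# instead of being turned into a path.
split_syslog_by_host() {
    outdir=$1
    [ -n "$outdir" ] || { echo "usage: split_syslog_by_host OUTDIR" >&2; return 2; }
    mkdir -p "$outdir" || return 1
    awk -v outdir="$outdir" '
        NF >= 5 {
            host = $4
            # Allow only letters, digits, dot, underscore and dash, with a
            # leading alphanumeric. This rules out "/", ".." and a leading
            # "-", so a sender-chosen host can never escape OUTDIR or look
            # like an option to a later tool that reads the file name.
            if (host !~ /^[A-Za-z0-9][A-Za-z0-9._-]*$/)
                host = "_rejected"
            path = outdir "/" host ".log"
            print $0 >> path
            # Flush per line so something tailing the per-device file sees
            # the entry immediately (the same reason grep needs
            # --line-buffered when its output is a file).
            fflush(path)
        }
    '
}

# Constructed sample input for a stand-alone run; these are not captured
# messages from any real device. The last line shows a sender trying to use
# the host field for path traversal.
sample_lines() {
    cat <<'EOF'
Nov 30 10:15:02 router1 %SYS-5-CONFIG_I: Configured from console by vty0
Nov 30 10:15:03 switch2 %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down
Nov 30 10:15:04 router1 %SYS-5-RESTART: System restarted
Nov 30 10:15:05 ../../etc/cron.d/evil * * * * * root /bin/sh -c "id > /tmp/pwned"
EOF
}

# count_lines FILE -> number of lines in FILE, or 0 if it does not exist.
count_lines() {
    if [ -f "$1" ]; then awk 'END { print NR }' "$1"; else echo 0; fi
}
```

Against the live file, run `tail --follow=name /var/log/local7 | split_syslog_by_host /var/log/devices`. Because awk opens each per-device file in append mode, a logrotate `copytruncate` rotation of those files does not strand the writer at a stale offset, which addresses the "doesn't rotate well" caveat in the accepted answer. If you do move to rsyslog, as the accepted answer suggests, the same per-host split is a template rather than a script, in legacy syntax `$template PerHost,"/var/log/devices/%HOSTNAME%.log"` followed by `local7.* ?PerHost`; the caveat is the same, since %HOSTNAME% is taken from the sender's message.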
