Trying to figure out if there's a way to get syslog.conf to direct remote logging from a wireless access point to log to a separate file instead of the main syslog and can't figure out how that could be done from man syslog.conf (or man 2/3 of syslog)
this clearly doesn't work
192.168.1.251.* /var/log/WAP-2.log
which according to the man page, makes sense since the IP address is not a facility.
Is there a way to do this that I am missing?
Craig
on 11-19-2008 4:02 PM Craig White spake the following:
> Trying to figure out if there's a way to get syslog.conf to direct remote logging from a wireless access point to log to a separate file instead of the main syslog and can't figure out how that could be done from man syslog.conf (or man 2/3 of syslog)
> this clearly doesn't work
> 192.168.1.251.* /var/log/WAP-2.log
> which according to the man page, makes sense since the IP address is not a facility.
> Is there a way to do this that I am missing?
> Craig
I'm not 100% sure that you can do this with the stock syslogd. You might need something like rsyslog to handle that.
On Wed, Nov 19, 2008 at 6:02 PM, Craig White craigwhite@azapple.com wrote:
> Trying to figure out if there's a way to get syslog.conf to direct remote logging from a wireless access point to log to a separate file instead of the main syslog and can't figure out how that could be done from man syslog.conf (or man 2/3 of syslog)
> this clearly doesn't work
> 192.168.1.251.* /var/log/WAP-2.log
> which according to the man page, makes sense since the IP address is not a facility.
> Is there a way to do this that I am missing?
The AP's syslog parms must match the syslog.conf parms.
e.g., for a MikroTik AP,
[root@catch22 ~]# grep -i mikrotik /etc/syslog.conf
# MikroTik router messages
user.* /var/log/mikrotik.log
[root@catch22 ~]#
rgds/ldv
On Wed, 2008-11-19 at 18:19 -0600, Larry Vaden wrote:
> On Wed, Nov 19, 2008 at 6:02 PM, Craig White craigwhite@azapple.com wrote:
>> Trying to figure out if there's a way to get syslog.conf to direct remote logging from a wireless access point to log to a separate file instead of the main syslog and can't figure out how that could be done from man syslog.conf (or man 2/3 of syslog)
>> this clearly doesn't work
>> 192.168.1.251.* /var/log/WAP-2.log
>> which according to the man page, makes sense since the IP address is not a facility.
>> Is there a way to do this that I am missing?
> The AP's syslog parms must match the syslog.conf parms.
> e.g., for a MikroTik AP,
> [root@catch22 ~]# grep -i mikrotik /etc/syslog.conf
> # MikroTik router messages
> user.* /var/log/mikrotik.log
----
I suspect I'm SOL...(Linksys WAP is Linux I think. They do have the source code available for D/L)
local0.* /var/log/local0.log
local1.* /var/log/local1.log
local2.* /var/log/local2.log
local3.* /var/log/local3.log
local4.* /var/log/local4.log
local5.* /var/log/local5.log
local6.* /var/log/local6.log
user.* /var/log/user.log
restarted syslog service and then rebooted WAP but all of those files are still empty ;-(
Thanks
Craig
On Wed, Nov 19, 2008 at 6:36 PM, Craig White craigwhite@azapple.com wrote:
> On Wed, 2008-11-19 at 18:19 -0600, Larry Vaden wrote:
>> On Wed, Nov 19, 2008 at 6:02 PM, Craig White craigwhite@azapple.com wrote:
>>> Trying to figure out if there's a way to get syslog.conf to direct remote logging from a wireless access point to log to a separate file instead of the main syslog and can't figure out how that could be done from man syslog.conf (or man 2/3 of syslog)
>>> this clearly doesn't work
>>> 192.168.1.251.* /var/log/WAP-2.log
>>> which according to the man page, makes sense since the IP address is not a facility.
>>> Is there a way to do this that I am missing?
>> The AP's syslog parms must match the syslog.conf parms.
>> e.g., for a MikroTik AP,
>> [root@catch22 ~]# grep -i mikrotik /etc/syslog.conf
>> # MikroTik router messages
>> user.* /var/log/mikrotik.log
> I suspect I'm SOL...(Linksys WAP is Linux I think. They do have the source code available for D/L)
> local0.* /var/log/local0.log
> local1.* /var/log/local1.log
> local2.* /var/log/local2.log
> local3.* /var/log/local3.log
> local4.* /var/log/local4.log
> local5.* /var/log/local5.log
> local6.* /var/log/local6.log
> user.* /var/log/user.log
> restarted syslog service and then rebooted WAP but all of those files are still empty ;-(
http://www.linuxquestions.org/questions/linux-networking-3/linksys-rv042-to-red-hat-syslog-337424/ suggests that perhaps daemon.info would work, I dunno. At any rate, one of the articles found by Google should reveal the answer.
On Wed, 2008-11-19 at 19:19 -0600, Larry Vaden wrote:
> On Wed, Nov 19, 2008 at 6:36 PM, Craig White craigwhite@azapple.com wrote:
>> On Wed, 2008-11-19 at 18:19 -0600, Larry Vaden wrote:
>>> On Wed, Nov 19, 2008 at 6:02 PM, Craig White craigwhite@azapple.com wrote:
>>>> Trying to figure out if there's a way to get syslog.conf to direct remote logging from a wireless access point to log to a separate file instead of the main syslog and can't figure out how that could be done from man syslog.conf (or man 2/3 of syslog)
>>>> this clearly doesn't work
>>>> 192.168.1.251.* /var/log/WAP-2.log
>>>> which according to the man page, makes sense since the IP address is not a facility.
>>>> Is there a way to do this that I am missing?
>>> The AP's syslog parms must match the syslog.conf parms.
>>> e.g., for a MikroTik AP,
>>> [root@catch22 ~]# grep -i mikrotik /etc/syslog.conf
>>> # MikroTik router messages
>>> user.* /var/log/mikrotik.log
>> I suspect I'm SOL...(Linksys WAP is Linux I think. They do have the source code available for D/L)
>> local0.* /var/log/local0.log
>> local1.* /var/log/local1.log
>> local2.* /var/log/local2.log
>> local3.* /var/log/local3.log
>> local4.* /var/log/local4.log
>> local5.* /var/log/local5.log
>> local6.* /var/log/local6.log
>> user.* /var/log/user.log
>> restarted syslog service and then rebooted WAP but all of those files are still empty ;-(
> http://www.linuxquestions.org/questions/linux-networking-3/linksys-rv042-to-red-hat-syslog-337424/ suggests that perhaps daemon.info would work, I dunno. At any rate, one of the articles found by Google should reveal the answer.
----
tcpdump is my friend (but also the bearer of what appears to be bad news)...
# tcpdump -nvvX udp port 514 -s 1500 -i eth1
tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size 1500 bytes
18:32:16.412516 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto: UDP (17), length: 74) 192.168.1.251.clearvisn > 192.168.1.5.syslog: [udp sum ok] SYSLOG, length: 46
        Facility kernel (0), Severity info (6)
        Msg: WAP-2 rg_system_full:255: killall rt2500apd
        0x0000:  3c36 3e57 4150 2d32 2072 675f 7379 7374
        0x0010:  656d 5f66 756c 6c3a 3235 353a 206b 696c
        0x0020:  6c61 6c6c 2072 7432 3530 3061 7064
        0x0000:  4500 004a 0000 4000 4011 a452 c0a8 0afb  E..J..@.@..R....
        0x0010:  c0a8 0a05 0804 0202 0036 2c32 3c36 3e57  .........6,2<6>W
        0x0020:  4150 2d32 2072 675f 7379 7374 656d 5f66  AP-2.rg_system_f
        0x0030:  756c 6c3a 3235 353a 206b 696c 6c61 6c6c  ull:255:.killall
        0x0040:  2072 7432 3530 3061 7064                 .rt2500apd
I gather that this means that its facility is kernel and thus I can't separate it from the local machine.
Craig
On Wed, Nov 19, 2008 at 7:02 PM, Craig White craigwhite@azapple.com wrote:
> Trying to figure out if there's a way to get syslog.conf to direct remote logging from a wireless access point to log to a separate file instead of the main syslog and can't figure out how that could be done from man syslog.conf (or man 2/3 of syslog)
> this clearly doesn't work
> 192.168.1.251.* /var/log/WAP-2.log
> which according to the man page, makes sense since the IP address is not a facility.
> Is there a way to do this that I am missing?
The stock syslog package can't do this. You need rsyslog to make this happen. You can set up various templates and filters based on the log file information also. See http://www.bofh-hunter.com/2007/12/31/centralized-logging-with-centos-and-rs... for a brief walkthrough on the basics.
On Wed, 19 Nov 2008, Jim Perrin wrote:
> On Wed, Nov 19, 2008 at 7:02 PM, Craig White craigwhite@azapple.com wrote:
>> Trying to figure out if there's a way to get syslog.conf to direct remote logging from a wireless access point to log to a separate file instead of the main syslog and can't figure out how that could be done from man syslog.conf (or man 2/3 of syslog)
>> this clearly doesn't work
>> 192.168.1.251.* /var/log/WAP-2.log
>> which according to the man page, makes sense since the IP address is not a facility.
>> Is there a way to do this that I am missing?
> The stock syslog package can't do this. You need rsyslog to make this happen. You can set up various templates and filters based on the log file information also. See http://www.bofh-hunter.com/2007/12/31/centralized-logging-with-centos-and-rs... for a brief walkthrough on the basics.
In RPMforge we have backported rsyslog packages from RHEL5 to RHEL4. In this case version 2.0.0-11, but when RHEL5.3 is released (or security updates are released) I am committed to release them for RHEL4.
mmm I'm not sure if I understood, but when you want to register any log to a remote host you must do as follows:
mail.* @10.0.1.1
The example above is for registering any mail logs to the remote host with the 10.0.1.1 IP address.
2008/11/22 Dag Wieers dag@centos.org:
> On Wed, 19 Nov 2008, Jim Perrin wrote:
>> On Wed, Nov 19, 2008 at 7:02 PM, Craig White craigwhite@azapple.com wrote:
>>> Trying to figure out if there's a way to get syslog.conf to direct remote logging from a wireless access point to log to a separate file instead of the main syslog and can't figure out how that could be done from man syslog.conf (or man 2/3 of syslog)
>>> this clearly doesn't work
>>> 192.168.1.251.* /var/log/WAP-2.log
>>> which according to the man page, makes sense since the IP address is not a facility.
>>> Is there a way to do this that I am missing?
>> The stock syslog package can't do this. You need rsyslog to make this happen. You can set up various templates and filters based on the log file information also. See http://www.bofh-hunter.com/2007/12/31/centralized-logging-with-centos-and-rs... for a brief walkthrough on the basics.
> In RPMforge we have backported rsyslog packages from RHEL5 to RHEL4. In this case version 2.0.0-11, but when RHEL5.3 is released (or security updates are released) I am committed to release them for RHEL4.
> --
> -- dag wieers, dag@centos.org, http://dag.wieers.com/ --
> [Any errors in spelling, tact or fact are transmission errors]
> _______________________________________________
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
On Sat, Nov 22, 2008 at 2:14 PM, Ricardo Carrillo davxoc@gmail.com wrote:
> mmm I'm not sure if I understood, but when you want to register any log to a remote host you must do as follows:
> mail.* @10.0.1.1
> The example above is for registering any mail logs to the remote host with the 10.0.1.1 IP address
Correct, however as I read the OP's query, he wants them in separate files. This is something that the default syslog just can't cope with. With rsyslog, I can create /var/log/hosts/host-a/mail.log, /var/log/hosts/host-b/mail.log, OR you can do /var/log/host-A-mail.log, host-B-mail.log etc.
There are several methods with rsyslog to create logging templates, as well as regex filters and operations that can be performed. It allows for much greater flexibility when it comes to providing a central logging facility.
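
Added example, not part of the original thread and not rsyslog or sysklogd code: a small Python model of the two routing decisions discussed above, using the payload from the tcpdump capture. It decodes the `<6>` PRI to show why the `user.*` and `localN.*` selectors stayed empty, then routes on the sender's address the way a per-host setup does; the function names and the `per_host` mapping are hypothetical.

```python
import re

# Facility codes 0-23 and severity codes 0-7 (RFC 3164 numbering). Names for
# 0-11 and 16-23 are the syslog.conf keywords; 12-15 are descriptive labels.
FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv ftp "
              "ntp audit alert clock local0 local1 local2 local3 local4 local5 "
              "local6 local7").split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()
PRI_RE = re.compile(rb"^<(\d{1,3})>")


def decode_pri(datagram: bytes):
    """Return (facility, severity, message) for one UDP syslog datagram."""
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:
        # RFC 3164: a missing or unusable PRI is handled as user.notice (13).
        return "user", "notice", datagram.decode("ascii", "replace")
    pri = int(m.group(1))
    text = datagram[m.end():].decode("ascii", "replace")
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7], text


def selector_matches(selector: str, facility: str, severity: str) -> bool:
    """Simple 'facility.priority' match: '*' is a wildcard and a named
    priority means that level or more severe. The sender is never consulted."""
    sel_fac, sel_sev = selector.split(".")
    if sel_fac not in ("*", facility):
        return False
    return sel_sev == "*" or SEVERITIES.index(severity) <= SEVERITIES.index(sel_sev)


def route_by_source(src_ip: str, per_host: dict, default="/var/log/messages"):
    """Source-address routing: the sender's IP, not the PRI, picks the file."""
    return per_host.get(src_ip, default)


# Payload constructed from the tcpdump capture quoted in the thread.
WAP_DATAGRAM = b"<6>WAP-2 rg_system_full:255: killall rt2500apd"

if __name__ == "__main__":
    fac, sev, msg = decode_pri(WAP_DATAGRAM)
    print(f"{fac}.{sev}: {msg}")
    for sel in ("user.*", "local0.*", "daemon.info", "kern.*"):
        print(f"{sel:12} matches: {selector_matches(sel, fac, sev)}")
    print(route_by_source("192.168.1.251", {"192.168.1.251": "/var/log/WAP-2.log"}))
```

The selector model covers only plain `facility.priority` entries; `=`, `!`, `none` and comma lists are left out.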