Hi all!
I'm still googling for this, but after quite a while I'm no closer, so I figured I'd ask you guys:
I've got my router using syslog on my CentOS box to log the router's system events. Works fine.
however, it mixes 'em into /var/log/messages along with the messages from the CentOS box itself.
is there a way to separate them into its own (set of??) files? So far I've not come up with anything.
Thanks in advance!
Fred
PS: We're speaking of CentOS 5.7 here.
On 03.12.2011 00:04, fred smith wrote:
> Hi all!
> I'm still googling for this, but after quite a while I'm no closer, so I figured I'd ask you guys:
> I've got my router using syslog on my CentOS box to log the router's system events. Works fine.
> however, it mixes 'em into /var/log/messages along with the messages from the CentOS box itself.

this is why the ost-column exists
On Sat, Dec 03, 2011 at 12:36:48AM +0100, Reindl Harald wrote:
> On 03.12.2011 00:04, fred smith wrote:
> > Hi all!
> > I'm still googling for this, but after quite a while I'm no closer, so I figured I'd ask you guys:
> > I've got my router using syslog on my CentOS box to log the router's system events. Works fine.
> > however, it mixes 'em into /var/log/messages along with the messages from the CentOS box itself.
> this is why the ost-column exists

Could I get you to elaborate on that, please?
On 03.12.2011 01:05, fred smith wrote:
> On Sat, Dec 03, 2011 at 12:36:48AM +0100, Reindl Harald wrote:
> > On 03.12.2011 00:04, fred smith wrote:
> > > Hi all!
> > > I'm still googling for this, but after quite a while I'm no closer, so I figured I'd ask you guys:
> > > I've got my router using syslog on my CentOS box to log the router's system events. Works fine.
> > > however, it mixes 'em into /var/log/messages along with the messages from the CentOS box itself.
> > this is why the ost-column exists
> Could I get you to elaborate on that, please?

what do you think why you have the hostname in every line? it's designed to log the messages of more than one machine
without this the host-column would make no sense if it's always the local machine
On Sat, Dec 03, 2011 at 02:30:16AM +0100, Reindl Harald wrote:
> On 03.12.2011 01:05, fred smith wrote:
> > On Sat, Dec 03, 2011 at 12:36:48AM +0100, Reindl Harald wrote:
> > > On 03.12.2011 00:04, fred smith wrote:
> > > > Hi all!
> > > > I'm still googling for this, but after quite a while I'm no closer, so I figured I'd ask you guys:
> > > > I've got my router using syslog on my CentOS box to log the router's system events. Works fine.
> > > > however, it mixes 'em into /var/log/messages along with the messages from the CentOS box itself.
> > > this is why the ost-column exists
> > Could I get you to elaborate on that, please?
> what do you think why you have the hostname in every line? it's designed to log the messages of more than one machine
> without this the host-column would make no sense if it's always the local machine

oh, now I understand. I didn't know what "ost-column" meant. thanks.
On 12/03/2011 12:04 AM, fred smith wrote:
> Hi all!
> I'm still googling for this, but after quite a while I'm no closer, so I figured I'd ask you guys:
> I've got my router using syslog on my CentOS box to log the router's system events. Works fine.
> however, it mixes 'em into /var/log/messages along with the messages from the CentOS box itself.
> is there a way to separate them into its own (set of??) files? So far I've not come up with anything.
> Thanks in advance!
> Fred
> PS: We're speaking of CentOS 5.7 here.

I am in the professional wireless business. My solution was to deinstall syslog and install syslog-ng; it supports separation based on IP, name, etc.
On Sat, Dec 03, 2011 at 12:48:14AM +0100, Ljubomir Ljubojevic wrote:
> On 12/03/2011 12:04 AM, fred smith wrote:
> > Hi all!
> > I'm still googling for this, but after quite a while I'm no closer, so I figured I'd ask you guys:
> > I've got my router using syslog on my CentOS box to log the router's system events. Works fine.
> > however, it mixes 'em into /var/log/messages along with the messages from the CentOS box itself.
> > is there a way to separate them into its own (set of??) files? So far I've not come up with anything.
> > Thanks in advance!
> > Fred
> > PS: We're speaking of CentOS 5.7 here.
> I am in the professional wireless business. My solution was to deinstall syslog and install syslog-ng; it supports separation based on IP, name, etc.

thanks. I was hoping for some kind of hack so I wouldn't need to do that.
On 12/03/2011 01:06 AM, fred smith wrote:
> > I am in the professional wireless business. My solution was to deinstall syslog and install syslog-ng; it supports separation based on IP, name, etc.
> thanks. I was hoping for some kind of hack so I wouldn't need to do that.

I am not aware of any hack to do that. My extensive research suggested it can not be done with syslog.
On Sat, Dec 03, 2011 at 01:37:55AM +0100, Ljubomir Ljubojevic wrote:
> On 12/03/2011 01:06 AM, fred smith wrote:
> > > I am in the professional wireless business. My solution was to deinstall syslog and install syslog-ng; it supports separation based on IP, name, etc.
> > thanks. I was hoping for some kind of hack so I wouldn't need to do that.
> I am not aware of any hack to do that. My extensive research suggested it can not be done with syslog.

I think you're right. but I can visualize a horrid hack (that I don't want to do, but nevertheless...). it looks as if in syslog.conf you can specify either a file to write to for each class of data, or a pipe (a fifo, I think). if you had a process listening on that fifo it could do some filtering for you. but I don't think I want to trust my system logging to such a hack.
On 12/2/2011 5:06 PM, fred smith wrote:
> On Sat, Dec 03, 2011 at 12:48:14AM +0100, Ljubomir Ljubojevic wrote:
> > On 12/03/2011 12:04 AM, fred smith wrote:
> > > Hi all!
> > > I'm still googling for this, but after quite a while I'm no closer, so I figured I'd ask you guys:
> > > I've got my router using syslog on my CentOS box to log the router's system events. Works fine.
> > > however, it mixes 'em into /var/log/messages along with the messages from the CentOS box itself.
> > > is there a way to separate them into its own (set of??) files? So far I've not come up with anything.
> > > Thanks in advance!
> > > Fred
> > > PS: We're speaking of CentOS 5.7 here.
> > I am in the professional wireless business. My solution was to deinstall syslog and install syslog-ng; it supports separation based on IP, name, etc.
> thanks. I was hoping for some kind of hack so I wouldn't need to do that.

For what it's worth, you can replace sysklogd with "rsyslog", which has compatible configuration, so you don't need to change much in the conf file.
An example for logging based on name:
http://wiki.rsyslog.com/index.php/Log_Router_syslog_with_Dynamic_File_Names
It's a base CentOS package, so you can just "yum install rsyslog"
On 12/03/2011 03:35 AM, Corey Henderson wrote:
> > > I am in the professional wireless business. My solution was to deinstall syslog and install syslog-ng; it supports separation based on IP, name, etc.
> > thanks. I was hoping for some kind of hack so I wouldn't need to do that.
> For what it's worth, you can replace sysklogd with "rsyslog", which has compatible configuration, so you don't need to change much in the conf file.
> An example for logging based on name:
> http://wiki.rsyslog.com/index.php/Log_Router_syslog_with_Dynamic_File_Names
> It's a base CentOS package, so you can just "yum install rsyslog"

Well, this is embarrassing, but when Corey posted about rsyslog my light bulb turned on and I actually checked what I run.
I actually run rsyslog, not the syslog-ng. It was installed about a year ago, and I know I looked at both packages, but... no excuse really for my mistake.
On 03.12.2011 00:04, fred smith wrote:
> I've got my router using syslog on my CentOS box to log the router's system events. Works fine.
> however, it mixes 'em into /var/log/messages along with the messages from the CentOS box itself.
> is there a way to separate them into its own (set of??) files? So far I've not come up with anything.

Every syslog daemon I know of (even good old syslogd classic) is able to direct messages to different files depending on their facility and priority. Most routers send their messages with one of the "local" facilities (local0 .. local7), though it's frequently neither documented nor configurable, at least with the cheap consumer grade models. OTOH, on a typical CentOS system little else uses the local* facility. So chances are if you configure your syslog daemon to log all of the local* facilities to a file /var/log/router and not to /var/log/messages you'll end up with just the router messages in /var/log/router.
HTH
On Sat, Dec 03, 2011 at 06:21:25PM +0100, Tilman Schmidt wrote:
> On 03.12.2011 00:04, fred smith wrote:
> > I've got my router using syslog on my CentOS box to log the router's system events. Works fine.
> > however, it mixes 'em into /var/log/messages along with the messages from the CentOS box itself.
> > is there a way to separate them into its own (set of??) files? So far I've not come up with anything.
> Every syslog daemon I know of (even good old syslogd classic) is able to direct messages to different files depending on their facility and priority. Most routers send their messages with one of the "local" facilities (local0 .. local7), though it's frequently neither documented nor configurable, at least with the cheap consumer grade models. OTOH, on a typical CentOS system little else uses the local* facility. So chances are if you configure your syslog daemon to log all of the local* facilities to a file /var/log/router and not to /var/log/messages you'll end up with just the router messages in /var/log/router.
> HTH

thanks, Tilman, it may well be of help. I'll check that out.
On Sat, Dec 03, 2011 at 12:30:14PM -0500, fred smith wrote:
> On Sat, Dec 03, 2011 at 06:21:25PM +0100, Tilman Schmidt wrote:
> > On 03.12.2011 00:04, fred smith wrote:
> > > I've got my router using syslog on my CentOS box to log the router's system events. Works fine.
> > > however, it mixes 'em into /var/log/messages along with the messages from the CentOS box itself.
> > > is there a way to separate them into its own (set of??) files? So far I've not come up with anything.
> > Every syslog daemon I know of (even good old syslogd classic) is able to direct messages to different files depending on their facility and priority. Most routers send their messages with one of the "local" facilities (local0 .. local7), though it's frequently neither documented nor configurable, at least with the cheap consumer grade models. OTOH, on a typical CentOS system little else uses the local* facility. So chances are if you configure your syslog daemon to log all of the local* facilities to a file /var/log/router and not to /var/log/messages you'll end up with just the router messages in /var/log/router.
> > HTH
> thanks, Tilman, it may well be of help. I'll check that out.

hmm... a little hacking with wireshark shows that the bulk of them (the ones reporting dropped packets on the firewall) are USER.WARNING. probably not easily filterable, as I'd suspect there are also some of the same sort locally. but I'll keep looking.
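
An added example, not part of any post in the thread: the thread ends on the observation that the router's firewall messages arrive as USER.WARNING, which is why the local* facility rule suggested earlier cannot isolate them. The Python sketch below decodes the PRI value of a BSD-syslog datagram and compares facility-based routing with routing on the sender's address; the address 192.0.2.1, the sample datagrams and all function names are constructed for illustration.

```python
import re

# Facility and severity names in numeric order (RFC 3164 numbering).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock"]
FACILITIES += ["local%d" % n for n in range(8)]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

PRI_RE = re.compile(rb"^<(\d{1,3})>")

# Assumption: 192.0.2.1 (a documentation address) stands in for the router.
ROUTER_IPS = {"192.0.2.1"}

# Constructed samples: (source address seen by the receiver, raw datagram).
SAMPLES = [
    ("192.0.2.1", b"<12>Dec  3 12:00:01 router kernel: DROP IN=eth0 SRC=198.51.100.7"),
    ("192.0.2.1", b"<134>Dec  3 12:00:05 router dhcpd: lease renewed"),
    ("127.0.0.1", b"<12>Dec  3 12:00:09 centos myapp: disk nearly full"),
]

def decode_pri(datagram):
    """Return (facility, severity) from the <PRI> prefix: PRI = facility*8 + severity."""
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:
        return ("user", "notice")   # RFC 3164 fallback (PRI 13) when PRI is unusable
    facility, severity = divmod(int(m.group(1)), 8)
    return FACILITIES[facility], SEVERITIES[severity]

def route(src_ip, datagram, by="source"):
    """Pick the log file by facility (local* -> router) or by source address."""
    if by == "facility":
        is_router = decode_pri(datagram)[0].startswith("local")
    else:
        # The HOSTNAME field is written by the sender; key on the address instead.
        is_router = src_ip in ROUTER_IPS
    return "/var/log/router" if is_router else "/var/log/messages"

def misrouted(by):
    """Count samples that land in the wrong file under the given rule."""
    return sum((route(ip, d, by) == "/var/log/router") != (ip in ROUTER_IPS)
               for ip, d in SAMPLES)

if __name__ == "__main__":
    for ip, d in SAMPLES:
        print(ip, "%s.%s" % decode_pri(d), route(ip, d, "facility"), route(ip, d))
```

With these samples the facility rule leaves the router's user.warning line in /var/log/messages, while the source-address rule separates all three correctly.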