Ok, I can't quite figure out how to make this work. I want to
simultaneously log everything for facility local5 in a local file and
a remote syslog-ng server. local7 is working fine getting the
boot.log log entries transferred over to the syslog-ng server, but not
so much with local5. Local logging of local5.* on the client is
working fine now.
SERVER:
/etc/syslog-ng/syslog-ng.conf (excerpt below)
options
{
log_fifo_size(8192);
# garden gnomes shouldn't log (Gnome has a buggy log implementation)
# needs to be set on client systems, too...
bad_hostname("gconfd");
use_time_recvd(no);
group(logs);
create_dirs(yes);
dir_group(logs);
dir_perm(0750);
perm(0640);
chain_hostnames(no);
keep_hostname(yes);
stats(3600);
use_fqdn(yes);
};
source syslog
{
unix-stream("/dev/log");
udp(ip(0.0.0.0) port(514));
tcp(ip(0.0.0.0) port(5149) max-connections(300));
internal();
};
destination mylogfile.log {
file(/var/log/syslog-ng/$HOST/mylogfile.log);
};
destination boot.log {
file(/var/log/syslog-ng/$HOST/boot.log);
};
filter f_local7 {
facility(local7);
};
filter f_local5 {
facility(local5);
};
log {
source(syslog);
filter(f_local7);
destination(boot.log);
};
log {
source(syslog);
filter(f_local5);
destination(mylogfile.log);
};
CLIENT
/etc/syslog.conf excerpt
*.* @syslogngbox
local7.* /var/log/boot.log
local5.* /var/log/mylogfile.log