RE: [Nolug] SYSLOG Recommendation?

From: Charles Jouglard <pcguy1_at_cox.net>
Date: Sat, 30 Apr 2005 10:25:27 -0500
Message-ID: <2005430102527.286461@security-admin>

Hi, sorry for the delayed response. For some reason my new spam filters sent
everything from NOLUG to the bit-bucket.

Anyway, I will try the suggestions on BSD and see if that will work. Either way
it looks like if I continue to use a readily available solution or one built-in
it will take some tweaking.

Again, a big thanks to all who responded for sharing your knowledge and
experiences.

Cheers,
Charles

On Thu, 28 Apr 2005 20:53:41 -0500, John Souvestre wrote:
Hi Ray.

> That looks like the same manpage from Linux and OpenBSD. :)

Cool! You should be able to do as I am doing then.

> According to the manpages, using the local facilities is only
> possible for local0-local7. What happens on the 9th device?

I don't know. I guess that the protocol only has a 3 bit field for that. I'm
only using local1 and local2, I believe. Do you need 9 local devices? If so,
perhaps you could run a second SysLog using another port number.

> Also you had to configure those routers to log everything to
> local1 and local2, right?

Yes.

> I'd like to be able to use the different facilities such as
> kern.*, mail.*, authpriv.* on the remote devices, and have those
> go to separate files on the loghost.

Ah so! I don't think that would be easy to do in general, but remember that
you do have multiple levels (emerg, alert, crit, err, warning, notice, info
and debug). This gives you 8 "levels" you could map the remote facilities to.

Regards,

John

    John Souvestre - Southern Star - (504) 888-3348 - www.sstar.com
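
One way a loghost could keep kern.*, mail.* and authpriv.* from remote devices in separate files, as an added example that is not part of the original thread: it decodes the PRI value at the front of each syslog datagram (facility * 8 + severity, per RFC 3164) and derives a per-sender, per-facility file path. The function names, the /var/log/remote base directory and the sample datagrams are assumptions constructed for illustration.

```python
import ipaddress
import re

# Facility codes 0-23 from RFC 3164 section 4.1.1. Names for 12-15 are
# shorthand chosen here; the RFC only describes them in words.
FACILITIES = (
    "kern user mail daemon auth syslog lpr news uucp cron authpriv ftp "
    "ntp audit alert clock "
    "local0 local1 local2 local3 local4 local5 local6 local7"
).split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()

PRI_RE = re.compile(rb"^<(\d{1,3})>")


def decode_pri(datagram):
    """Return (facility, severity, rest) or None if the PRI part is invalid."""
    match = PRI_RE.match(datagram)
    if match is None:
        return None
    pri = int(match.group(1))
    if pri > 191:  # 23 * 8 + 7 is the largest valid value
        return None
    facility, severity = divmod(pri, 8)
    return FACILITIES[facility], SEVERITIES[severity], datagram[match.end():]


def log_path(source_ip, datagram, base="/var/log/remote"):
    """Pick the file a message belongs in: <base>/<sender>/<facility>.log."""
    # Re-parse the sender address so only a canonical IP can become a path part.
    host = str(ipaddress.ip_address(source_ip))
    decoded = decode_pri(datagram)
    name = decoded[0] if decoded else "unparsed"
    return f"{base}/{host}/{name}.log"


if __name__ == "__main__":
    # Constructed sample datagrams, as (sender address, payload) pairs.
    samples = [
        ("192.0.2.10", b"<86>sshd[212]: Accepted password for admin"),
        ("192.0.2.10", b"<22>sendmail[88]: queue run complete"),
        ("192.0.2.20", b"<137>router: link down on interface 2"),
        ("192.0.2.20", b"no priority field here"),
    ]
    for ip, payload in samples:
        print(log_path(ip, payload), decode_pri(payload))
```

Datagrams without a valid PRI land in a separate unparsed.log per sender, so malformed or spoofed input stays visible instead of being dropped.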

 

Received on 04/30/05
