From owner-freebsd-questions@FreeBSD.ORG  Thu Oct 21 16:53:18 2004
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id C481316A4CE
	for <freebsd-questions@freebsd.org>;
	Thu, 21 Oct 2004 16:53:18 +0000 (GMT)
Received: from aiolos.otenet.gr (aiolos.otenet.gr [195.170.0.23])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 2223A43D3F
	for <freebsd-questions@freebsd.org>;
	Thu, 21 Oct 2004 16:53:17 +0000 (GMT)
	(envelope-from keramida@ceid.upatras.gr)
Received: from orion.daedalusnetworks.priv (aris.bedc.ondsl.gr
	[62.103.39.226])i9LGr1gN013917;	Thu, 21 Oct 2004 19:53:08 +0300
Received: from orion.daedalusnetworks.priv (orion [127.0.0.1])
	i9LGqtAx006119;	Thu, 21 Oct 2004 19:52:55 +0300 (EEST)
	(envelope-from keramida@ceid.upatras.gr)
Received: (from keramida@localhost)i9LGqrva006118;
	Thu, 21 Oct 2004 19:52:53 +0300 (EEST)
	(envelope-from keramida@ceid.upatras.gr)
Date: Thu, 21 Oct 2004 19:52:53 +0300
From: Giorgos Keramidas <keramida@ceid.upatras.gr>
To: Odhiambo Washington <wash@wananchi.com>,
	freebsd-questions@freebsd.org
Message-ID: <20041021165253.GA5953@orion.daedalusnetworks.priv>
References: <20041021152945.GI32517@ns2.wananchi.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20041021152945.GI32517@ns2.wananchi.com>
Subject: Re: Syslog Server - splitting log info from client machines
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Oct 2004 16:53:18 -0000

On 2004-10-21 18:29, Odhiambo Washington <wash@wananchi.com> wrote:
>
> A quick question:
>
> On the client machine, I have:
>
> *.*		@loghost
>
> Then on loghost, I want to split logs coming from the client machine
> into different files. I want separate log file for imapd, pop3d, etc.
>
> How do I do this with stock syslogd?

Look at the `+hostname' specification in syslog.conf(5).  You can use
something like this:

	+host1
	*.*		/var/log/remote/host1/messages

	+host2
	*.*		/var/log/remote/host2/messages

in your `syslog.conf' file.

Please note that adding this to the end of the syslog.conf file will
not inhibit logging of the same messages to /var/log/messages or any
other matches found earlier.  Thus, this syslog.conf file:

	*.*		/var/log/messages

	+foo
	*.*		/var/log/remote/foo/messages

Will log the messages from host `foo' both in /var/log/messages *AND*
/var/log/remote/foo/messages.

To make syslogd log the messages from host `foo' only in
/var/log/remote/foo/messages you'd have to use something like this:

	-foo
	*.*		/var/log/messages

	+foo
	*.*		/var/log/remote/foo/messages

Multiple hosts can be specified like this:

	-foo,bar
	*.*		/var/log/messages

	+foo
	*.*		/var/log/remote/foo/messages

	+bar
	*.*		/var/log/remote/bar/messages

Regards,
Giorgos