Date:      Thu, 21 Oct 2004 19:52:53 +0300
From:      Giorgos Keramidas <keramida@ceid.upatras.gr>
To:        Odhiambo Washington <wash@wananchi.com>, freebsd-questions@freebsd.org
Subject:   Re: Syslog Server - splitting log info from client machines
Message-ID:  <20041021165253.GA5953@orion.daedalusnetworks.priv>
In-Reply-To: <20041021152945.GI32517@ns2.wananchi.com>
References:  <20041021152945.GI32517@ns2.wananchi.com>

On 2004-10-21 18:29, Odhiambo Washington <wash@wananchi.com> wrote:
>
> A quick question:
>
> On the client machine, I have:
>
> *.*		@loghost
>
> Then on loghost, I want to split logs coming from the client machine
> into different files. I want a separate log file for imapd, pop3d, etc.
>
> How do I do this with stock syslogd?

Look at the `+hostname' specification in syslog.conf(5).  You can use
something like this:

	+host1
	*.*		/var/log/remote/host1/messages

	+host2
	*.*		/var/log/remote/host2/messages

in your `syslog.conf' file.

Please note that adding this to the end of the syslog.conf file will
not inhibit logging of the same messages to /var/log/messages or any
other matches found earlier.  Thus, this syslog.conf file:

	*.*		/var/log/messages

	+foo
	*.*		/var/log/remote/foo/messages

will log the messages from host `foo' both in /var/log/messages *AND*
/var/log/remote/foo/messages.

To make syslogd log the messages from host `foo' only in
/var/log/remote/foo/messages you'd have to use something like this:

	-foo
	*.*		/var/log/messages

	+foo
	*.*		/var/log/remote/foo/messages

Multiple hosts can be specified like this:

	-foo,bar
	*.*		/var/log/messages

	+foo
	*.*		/var/log/remote/foo/messages

	+bar
	*.*		/var/log/remote/bar/messages

Regards,
Giorgos
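
Added example, not part of the original message and not syslogd's own code: a simplified Python model of the host-block matching described above, reporting which files a message from a given host reaches under the two layouts in the message. It handles only host specifications and `*.*` selectors; the function names and the use of `loghost` as the local sender name are assumptions of the example.

```python
"""Simplified model of syslog.conf(5) host blocks; not syslogd's own code."""

# Constructed inputs: the two layouts from the message above.
DUPLICATING = "*.*\t/var/log/messages\n\n+foo\n*.*\t/var/log/remote/foo/messages\n"
SPLIT = (
    "-foo,bar\n*.*\t/var/log/messages\n\n"
    "+foo\n*.*\t/var/log/remote/foo/messages\n\n"
    "+bar\n*.*\t/var/log/remote/bar/messages\n"
)

def parse(conf_text):
    """Return [(sign, hosts, action)]; sign None means 'from any host'."""
    rules, sign, hosts = [], None, frozenset()
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line.startswith("#"):          # "#+host" / "#-host" are also host specs
            line = line[1:]
            if not line or line[0] not in "+-":
                continue                  # ordinary comment
        if not line:
            continue
        if line[0] in "+-":
            spec = line[1:].strip()
            if spec == "*":               # "+*" resets to any host
                sign, hosts = None, frozenset()
            else:
                sign = line[0]            # names lower-cased: model compares case-insensitively
                hosts = frozenset(h.strip().lower() for h in spec.split(","))
            continue
        selector, action = line.split(None, 1)
        if selector != "*.*":
            raise ValueError("model only handles *.* selectors: " + line)
        rules.append((sign, hosts, action))
    return rules

def destinations(rules, from_host):
    """Files that would receive a message whose sending host is from_host."""
    name = from_host.lower()
    return [action for sign, hosts, action in rules
            if sign is None
            or (sign == "+" and name in hosts)
            or (sign == "-" and name not in hosts)]

if __name__ == "__main__":
    for label, conf in (("duplicating", DUPLICATING), ("split", SPLIT)):
        for host in ("foo", "bar", "loghost"):   # "loghost" stands for the local machine
            print(label, host, destinations(parse(conf), host))
```

A host that yields more than one destination is being logged twice; under the split layout each remote host yields exactly one file and local messages stay in /var/log/messages.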


