Now I'm trialling rsyslogd, which looks quite good. Unfortunately it took much longer to configure than I had hoped. I wanted something fairly simple - the split of logs as above, and local logs going to the regular files to prevent any confusion when others need to use the box. The config I came up with was:
$template timeandhost_auth, "/var/log/rsyslog/%FROMHOST%/%$YEAR%/%$MONTH%/%FROMHOST%-%$NOW%-auth.log"
$template timeandhost_syslog, "/var/log/rsyslog/%FROMHOST%/%$YEAR%/%$MONTH%/%FROMHOST%-%$NOW%-syslog.log"
if $source != 'mybox' then ?timeandhost_syslog
if $source != 'mybox' and ($syslogfacility-text == 'authpriv' or $syslogfacility-text == 'auth') then ?timeandhost_auth
if $syslogfacility-text == 'cron' then -/var/log/cron.log
if $source == 'mybox' and ($syslogfacility-text == 'authpriv' or $syslogfacility-text == 'auth') then /var/log/auth.log
if $source == 'mybox' then -/var/log/syslog
if $source == 'mybox' and $syslogfacility-text == 'daemon' then -/var/log/daemon.log
if $source == 'mybox' and $syslogfacility-text == 'kern' then -/var/log/kern.log
The example config for what I wanted to do was wrong. The source is not 'localhost', but whatever the local dns name is ('mybox').
I also had to change $FileGroup to 'syslog' from 'adm' to make it work, even though this shouldn't have mattered. Without this I was getting 'Could not open dynamic file' errors where the file would be created with the right permissions and ownership, but rsyslogd then couldn't write to it.
No comments:
Post a Comment