> Here's a question I've always been curious about:
> 
> If you have your Linux box/Unix box set up for logging, but you want to log
> more than 7 devices with their own log file, how do you do it if you only
> have 6-7 facilities (local0-local7) to work with in the syslog.conf file?!?!
> 
> 
> all tips and tricks appreciated.

        First, if you use local0-local7, you have 8 devices available, so
that might answer your question right away. Since that's most probably not
the case:

        One approach is to use facilities to log for different types of
devices. For example:

local0 - switches
local1 - routers
local2 - firewalls
local3 - ids
local4 - load balancing devices
...

        This way you could have all the relevant information in separate
files. Of course, you can take more important ones out from this and use
specific facilities for them.

        If you approach the problem this way, 8 facilities is not that
little. 

        Another approach would, of course, be a smarter syslog daemon than
the one that comes with most UNIX/Linux distributions. You could use that to
divert entries based on content and/or source. Any hints in this regard
would be welcome :-).


Marko.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=41285&t=41165
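
The two approaches from the reply above, one facility per device type plus diverting by source, sketched as an added example that is not part of the original message. The file paths, the override address and the sample datagrams are constructed assumptions; the facility numbering (local0-local7 = 16-23, PRI = facility * 8 + severity) is the standard BSD syslog encoding.

```python
import re

# local0-local7 are facility codes 16-23; PRI = facility * 8 + severity.
FACILITY_NAMES = {16 + n: f"local{n}" for n in range(8)}
SEVERITIES = ["emerg", "alert", "crit", "err",
              "warning", "notice", "info", "debug"]

# Device-type scheme from the message; file paths are assumed for this example.
FACILITY_FILES = {
    "local0": "/var/log/net/switches.log",
    "local1": "/var/log/net/routers.log",
    "local2": "/var/log/net/firewalls.log",
    "local3": "/var/log/net/ids.log",
    "local4": "/var/log/net/loadbalancers.log",
}
# "More important" devices get their own file, keyed by sender address
# (constructed documentation address, not a real host).
SOURCE_FILES = {"192.0.2.1": "/var/log/net/core-fw.log"}
DEFAULT_FILE = "/var/log/net/other.log"

PRI_RE = re.compile(r"^<(\d{1,3})>")


def decode_pri(datagram):
    """Return (facility, severity) names, or None if the PRI is missing or invalid."""
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:   # 191 = facility 23, severity 7
        return None
    facility, severity = divmod(int(m.group(1)), 8)
    return FACILITY_NAMES.get(facility, str(facility)), SEVERITIES[severity]


def route(source_ip, datagram):
    """Pick the log file: source override first, then facility, then default."""
    if source_ip in SOURCE_FILES:
        return SOURCE_FILES[source_ip]
    decoded = decode_pri(datagram)
    if decoded is None:
        return DEFAULT_FILE
    return FACILITY_FILES.get(decoded[0], DEFAULT_FILE)


# Constructed sample datagrams: (sender address, raw message).
SAMPLES = [
    ("192.0.2.10", "<134>Apr  2 10:00:01 sw1 link state changed on Gi0/1"),
    ("192.0.2.20", "<141>Apr  2 10:00:02 rtr1 configured from console"),
    ("192.0.2.1", "<148>Apr  2 10:00:03 fw-core denied tcp connection"),
    ("192.0.2.30", "message with no PRI field"),
]

if __name__ == "__main__":
    for src, msg in SAMPLES:
        print(f"{src:12} {decode_pri(msg)} -> {route(src, msg)}")
```

The override keys on the address the datagram arrived from, not on the hostname written inside the message, so many devices can share one facility and still be split into separate files.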