Delao, Darryl W said: > Anyone have a good recommendation for a syslog server to handle logs from > a cisco router, pix firewall and apache and other system logs?
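syslog-ng I think is probably the best bet. my sample configuration:

# Global options.
#   long_hostnames(off): do not record the chain of relay hosts in the host field.
#   sync(0): write every message out immediately instead of batching.
#   mark(3600): emit a MARK message once an hour (collected by f_mark below).
options { long_hostnames(off); sync(0); mark(3600); };

# One source for everything: remote UDP syslog, syslog-ng's own messages,
# the local /dev/log socket and the FreeBSD kernel log device.
# NOTE(review): UDP syslog is unauthenticated and unencrypted, so any host that
# can reach 10.10.10.3:514 can submit messages with whatever program name, host
# name and text it likes. Limit that port at the firewall to the router, PIX and
# servers that are expected to log here.
source s_remote {
    udp(ip(10.10.10.3) port (514));
    internal();
    unix-dgram("/dev/log");
    file("/dev/klog");
};

# Filters. Apart from f_hosts, each one selects on the program name, the
# sending host, or text found in the message.
# NOTE(review): the match() filters (restart, crit, denied, MARK, root) look at
# message content, so they also catch unrelated messages that merely contain
# the word, and remote senders control that content.
filter f_hosts { level(debug..emerg); };
filter f_mail { program(postfix) or program(sendmail) or program(exim) or program(sm-mta); };
filter f_vpn { program(vpnd) or program(vtun) or program(stunnel) or host(cis-vpn.*); };
filter f_kern { program(kernel); };
filter f_lp { program(lpd) or program(lpr); };
filter f_ssh { program(sshd) or program(sshd2); };
# NOTE(review): despite the name, f_sugood selects every su message that
# mentions root; nothing here restricts it to successful attempts.
filter f_sugood { program(su) and match(root); };
filter f_pamsubad { program(PAM_unix) and match(root) and match(failure); };
filter f_cron { program(cron) or program(anacron); };
filter f_proxy { program(squid); };
filter f_inetd { program(xinetd) or program(inetd); };
filter f_restart { match (restart); };
filter f_named { program(named); };
filter f_critical { match(crit); };
filter f_pop3 { program(pop3d); };
filter f_imap4 { program(imapd); };
filter f_denied { match (denied); };
filter f_mark { match (MARK); };
filter f_ftp { program (ftpd) or program(proftpd); };
filter f_switch { host(cis3548.*) or host(summit.*); };
filter f_database { program(slapd) or program(mysql); };
filter f_printers { host(bambam) or host(pebbles); };
filter f_ups { program(upsd) or program(upsmon); };

# Destinations: one file per category under /var/log-ng.
# NOTE(review): ssh.log, su-good.log and su-bad.log hold authentication events;
# confirm the directory and file permissions keep them readable by
# administrators only.
destination d_mail { file("/var/log-ng/mail.log"); };
destination d_vpn { file("/var/log-ng/vpn.log"); };
destination d_kern { file("/var/log-ng/kernel.log"); };
destination d_lp { file("/var/log-ng/lpr.log"); };
destination d_ssh { file("/var/log-ng/ssh.log"); };
destination d_sugood { file("/var/log-ng/su-good.log"); };
destination d_pamsubad { file("/var/log-ng/su-bad.log"); };
destination d_cron { file("/var/log-ng/cron.log"); };
destination d_proxy { file("/var/log-ng/proxy.log"); };
destination d_inetd { file("/var/log-ng/inetd.log"); };
destination d_restart { file("/var/log-ng/restart.log"); };
destination d_critical { file("/var/log-ng/crit.log"); };
destination d_named { file("/var/log-ng/named.log"); };
# One messages file per sending host.
# NOTE(review): the file name is built from the host field of each message.
# Depending on how host names are resolved (keep_hostname()/use_dns() are not
# set here), that value may be supplied by the sender, so with an open UDP
# source the number and names of files created are not under your control.
# Verify against your syslog-ng version and restrict who can send.
destination d_hostmsg { file("/var/log-ng/messages.$HOST"); };
destination d_pop3 { file("/var/log-ng/pop3.log"); };
destination d_imap4 { file("/var/log-ng/imap4.log"); };
destination d_denied { file("/var/log-ng/denied.log"); };
destination d_mark { file("/var/log-ng/mark.log"); };
destination d_ftp { file("/var/log-ng/ftp.log"); };
destination d_switch { file("/var/log-ng/switch.log"); };
destination d_database { file("/var/log-ng/database.log"); };
destination d_printers { file("/var/log-ng/printers.log"); };
destination d_ups { file("/var/log-ng/ups.log"); };

# Log paths: each one connects the source to a destination through one filter.
# A message that satisfies several filters is written to several files, and
# every message also goes to messages.$HOST through f_hosts.
log { source(s_remote); filter(f_mail); destination(d_mail); };
log { source(s_remote); filter(f_vpn); destination(d_vpn); };
log { source(s_remote); filter(f_kern); destination(d_kern); };
log { source(s_remote); filter(f_lp); destination(d_lp); };
log { source(s_remote); filter(f_ssh); destination(d_ssh); };
log { source(s_remote); filter(f_sugood); destination(d_sugood); };
log { source(s_remote); filter(f_pamsubad); destination(d_pamsubad); };
log { source(s_remote); filter(f_cron); destination(d_cron); };
log { source(s_remote); filter(f_proxy); destination(d_proxy); };
log { source(s_remote); filter(f_inetd); destination(d_inetd); };
log { source(s_remote); filter(f_restart); destination(d_restart); };
log { source(s_remote); filter(f_critical); destination(d_critical); };
log { source(s_remote); filter(f_hosts); destination(d_hostmsg); };
# Disabled; s_streams is not defined anywhere in this configuration.
#log { source(s_streams); filter(f_hosts); destination(d_hostmsg); };
log { source(s_remote); filter(f_named); destination(d_named); };
log { source(s_remote); filter(f_pop3); destination(d_pop3); };
log { source(s_remote); filter(f_imap4); destination(d_imap4); };
log { source(s_remote); filter(f_denied); destination(d_denied); };
# A single path for MARK; a second identical one would write each MARK
# message to mark.log twice.
log { source(s_remote); filter(f_mark); destination(d_mark); };
# f_ftp and d_ftp need a log path of their own, otherwise ftp.log is never written.
log { source(s_remote); filter(f_ftp); destination(d_ftp); };
log { source(s_remote); filter(f_switch); destination(d_switch); };
log { source(s_remote); filter(f_database); destination(d_database); };
log { source(s_remote); filter(f_printers); destination(d_printers); };
log { source(s_remote); filter(f_ups); destination(d_ups); };

my syslog-ng runs on freebsd, so the very top reference to /dev/klog can be taken out if your syslog-ng host is linux. this in combo with logcheck & logrotate, is a great log setup for me.

nate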