Hi Nate,
>> Can't you just filter them based on server name in the logs?
>
> if your syslog server runs syslog-ng yes. Last I checked the
> normal syslog server did not have such support.
Actually I meant whatever he was using to parse the logs could filter the
logs on the server name "column" in the system log.
I can see where splitting them would be very useful though.
> I think they only go to the syslog server though I've only
> configured syslog.conf in this manor
>
> *.* @syslog.host
>
>
> if you were do have the above in addition to the standard stuff
> it may go in both places.....but I doubt it.
I guess only the logserver is what you need to look at anyway and it saves
space on the remote servers.
What if the logserver is down? Do the logs get kept until the logserver
is available again or are they lost completely?
> combined with syslog-ng, logrotate, and logcheck it works great.
Yeah I LOVE logcheck :)
> syslog-ng has the added benefit of being able to specify ports as
> well as use TCP. e.g systems outside my firewall log to my firewall on
> port 24350/tcp which is forwarded into my syslog server.
I am thinking mostly of systems in my DMZ to a logserver inside my private
lan space to keep them more secure.
Hadn't thought of the other machines in the big bad Internet that I look
after as well. Hmmmmm....
--
Regards,
+-----------------------------+---------------------------------+
| Peter Kiem .^. | E-Mail : <[EMAIL PROTECTED]> |
| Zordah IT /V\ | Mobile : +61 0414 724 766 |
| IT Consultancy & /( )\ | WWW : www.zordah.net |
| Internet Hosting ^^-^^ | ICQ : "Zordah" 866661 |
+-----------------------------+---------------------------------+
My current spamtrap address is [EMAIL PROTECTED]
--
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list
