[Linux-disciples] Syslogging

[Adam Rosi-Kessel]

Stephen R Laniel wrote:
> Word to the wise: syslog (package sysklogd) appears
> to be insufficient for anything beyond basic syslogging.
> At work, we want to centralize all of our syslogs in one
> central machine, and for right now we're even just trying to
> get the syslogs from one Barracuda appliance to reside on
> another machine so that we can grep through it and don't
> need to use the sub-par tools available on the Barracuda. So
> we need remote logging abilities. The standard syslog does
> that, via the '-r' option. But then we want to pull the logs
> for 10.1.1.37 off into their own file. We could do that via
> post-processing on /var/log/syslog, but for a few obvious
> reasons I think it would be better to have the syslogger
> itself do this. The standard syslog only allows you to
> separate logs by facility and urgency, not by incoming IP
> address.

Another hackish solution, along the lines of the last hackish solution I
made, if you don't want to use a more sophisticated syslog daemon, is to
have /var/log/syslog be a fifo, then have another task that reads from that
fifo and does all the processing you want. This would presumably be
preferable than having to periodically process /var/log/syslog and deal with
 file locking, etc..  Your fifo reading could just be a perl while (<>)
scritp that does the regexp processing you want.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 250 bytes
Desc: OpenPGP digital signature
Url : http://lists.bostoncoop.net/pipermail/linux-disciples/attachments/20060210/bde5d39b/signature.pgp