Old 11-19-2008, 11:02 PM
Craig White
 
Default syslog remote computers

Trying to figure out if there's a way to get syslog.conf to direct
remote logging from a wireless access point to log to a separate file
instead of the main syslog and can't figure out how that could be done
from man syslog.conf (or man 2/3 of syslog)

this clearly doesn't work

192.168.1.251.* /var/log/WAP-2.log

which according to the man page, makes sense since the IP address
is not a facility.

Is there a way to do this that I am missing?

Craig

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 11-19-2008, 11:16 PM
Scott Silva
 
Default syslog remote computers

on 11-19-2008 4:02 PM Craig White spake the following:
> Trying to figure out if there's a way to get syslog.conf to direct
> remote logging from a wireless access point to log to a separate file
> instead of the main syslog and can't figure out how that could be done
> from man syslog.conf (or man 2/3 of syslog)
>
> this clearly doesn't work
>
> 192.168.1.251.* /var/log/WAP-2.log
>
> which according to the man page, makes sense since this the IP address
> is not a facility.
>
> Is there a way to do this that I am missing?
>
> Craig
I'm not 100% sure that you can do this with the stock syslogd. You might need
something like rsyslog to handle that.

--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

 
Old 11-19-2008, 11:19 PM
"Larry Vaden"
 
Default syslog remote computers

On Wed, Nov 19, 2008 at 6:02 PM, Craig White <craigwhite@azapple.com> wrote:
> Trying to figure out if there's a way to get syslog.conf to direct
> remote logging from a wireless access point to log to a separate file
> instead of the main syslog and can't figure out how that could be done
> from man syslog.conf (or man 2/3 of syslog)
>
> this clearly doesn't work
>
> 192.168.1.251.* /var/log/WAP-2.log
>
> which according to the man page, makes sense since this the IP address
> is not a facility.
>
> Is there a way to do this that I am missing?

The AP's syslog parms must match the syslog.conf parms.

e.g., for a MikroTik AP,

[root@catch22 ~]# grep -i mikrotik /etc/syslog.conf
# MikroTik router messages
user.* /var/log/mikrotik.log
[root@catch22 ~]#

rgds/ldv
 
Old 11-19-2008, 11:36 PM
Craig White
 
Default syslog remote computers

On Wed, 2008-11-19 at 18:19 -0600, Larry Vaden wrote:
> On Wed, Nov 19, 2008 at 6:02 PM, Craig White <craigwhite@azapple.com> wrote:
> > Trying to figure out if there's a way to get syslog.conf to direct
> > remote logging from a wireless access point to log to a separate file
> > instead of the main syslog and can't figure out how that could be done
> > from man syslog.conf (or man 2/3 of syslog)
> >
> > this clearly doesn't work
> >
> > 192.168.1.251.* /var/log/WAP-2.log
> >
> > which according to the man page, makes sense since this the IP address
> > is not a facility.
> >
> > Is there a way to do this that I am missing?
>
> The AP's syslog parms must match the syslog.conf parms.
>
> e.g., for a MikroTik AP,
>
> [root@catch22 ~]# grep -i mikrotik /etc/syslog.conf
> # MikroTik router messages
> user.* /var/log/mikrotik.log
----
I suspect I'm SOL...(Linksys WAP is Linux I think. They do have the
source code available for D/L)

local0.* /var/log/local0.log
local1.* /var/log/local1.log
local2.* /var/log/local2.log
local3.* /var/log/local3.log
local4.* /var/log/local4.log
local5.* /var/log/local5.log
local6.* /var/log/local6.log
user.* /var/log/user.log

restarted syslog service and then rebooted WAP but all of those files
are still empty ;-(

Thanks

Craig

 
Old 11-20-2008, 12:19 AM
"Larry Vaden"
 
Default syslog remote computers

On Wed, Nov 19, 2008 at 6:36 PM, Craig White <craigwhite@azapple.com> wrote:
> On Wed, 2008-11-19 at 18:19 -0600, Larry Vaden wrote:
>> On Wed, Nov 19, 2008 at 6:02 PM, Craig White <craigwhite@azapple.com> wrote:
>> > Trying to figure out if there's a way to get syslog.conf to direct
>> > remote logging from a wireless access point to log to a separate file
>> > instead of the main syslog and can't figure out how that could be done
>> > from man syslog.conf (or man 2/3 of syslog)
>> >
>> > this clearly doesn't work
>> >
>> > 192.168.1.251.* /var/log/WAP-2.log
>> >
>> > which according to the man page, makes sense since this the IP address
>> > is not a facility.
>> >
>> > Is there a way to do this that I am missing?
>>
>> The AP's syslog parms must match the syslog.conf parms.
>>
>> e.g., for a MikroTik AP,
>>
>> [root@catch22 ~]# grep -i mikrotik /etc/syslog.conf
>> # MikroTik router messages
>> user.* /var/log/mikrotik.log
> ----
> I suspect I'm SOL...(Linksys WAP is Linux I think. They do have the
> source code available for D/L)
>
> local0.* /var/log/local0.log
> local1.* /var/log/local1.log
> local2.* /var/log/local2.log
> local3.* /var/log/local3.log
> local4.* /var/log/local4.log
> local5.* /var/log/local5.log
> local6.* /var/log/local6.log
> user.* /var/log/user.log
>
> restarted syslog service and then rebooted WAP but all of those files
> are still empty ;-(

<http://www.linuxquestions.org/questions/linux-networking-3/linksys-rv042-to-red-hat-syslog-337424/>
suggests that perhaps daemon.info would work, I dunno. At any rate,
one of the articles found by Google should reveal the answer.
 
Old 11-20-2008, 12:37 AM
Craig White
 
Default syslog remote computers

On Wed, 2008-11-19 at 19:19 -0600, Larry Vaden wrote:
> On Wed, Nov 19, 2008 at 6:36 PM, Craig White <craigwhite@azapple.com> wrote:
> > On Wed, 2008-11-19 at 18:19 -0600, Larry Vaden wrote:
> >> On Wed, Nov 19, 2008 at 6:02 PM, Craig White <craigwhite@azapple.com> wrote:
> >> > Trying to figure out if there's a way to get syslog.conf to direct
> >> > remote logging from a wireless access point to log to a separate file
> >> > instead of the main syslog and can't figure out how that could be done
> >> > from man syslog.conf (or man 2/3 of syslog)
> >> >
> >> > this clearly doesn't work
> >> >
> >> > 192.168.1.251.* /var/log/WAP-2.log
> >> >
> >> > which according to the man page, makes sense since this the IP address
> >> > is not a facility.
> >> >
> >> > Is there a way to do this that I am missing?
> >>
> >> The AP's syslog parms must match the syslog.conf parms.
> >>
> >> e.g., for a MikroTik AP,
> >>
> >> [root@catch22 ~]# grep -i mikrotik /etc/syslog.conf
> >> # MikroTik router messages
> >> user.* /var/log/mikrotik.log
> > ----
> > I suspect I'm SOL...(Linksys WAP is Linux I think. They do have the
> > source code available for D/L)
> >
> > local0.* /var/log/local0.log
> > local1.* /var/log/local1.log
> > local2.* /var/log/local2.log
> > local3.* /var/log/local3.log
> > local4.* /var/log/local4.log
> > local5.* /var/log/local5.log
> > local6.* /var/log/local6.log
> > user.* /var/log/user.log
> >
> > restarted syslog service and then rebooted WAP but all of those files
> > are still empty ;-(
>
> <http://www.linuxquestions.org/questions/linux-networking-3/linksys-rv042-to-red-hat-syslog-337424/>
> suggests that perhaps daemon.info would work, I dunno. At any rate,
> one of the articles found by Google should reveal the answer.
----
tcpdump is my friend (but also the bearer of what appears to be bad
news)...

# tcpdump -nvvX udp port 514 -s 1500 -i eth1
tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size 1500 bytes
18:32:16.412516 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto: UDP (17), length: 74) 192.168.1.251.clearvisn > 192.168.1.5.syslog: [udp sum ok] SYSLOG, length: 46
Facility kernel (0), Severity info (6)
Msg: WAP-2 rg_system_full:255: killall rt2500apd
0x0000: 3c36 3e57 4150 2d32 2072 675f 7379 7374
0x0010: 656d 5f66 756c 6c3a 3235 353a 206b 696c
0x0020: 6c61 6c6c 2072 7432 3530 3061 7064
0x0000: 4500 004a 0000 4000 4011 a452 c0a8 0afb E..J..@.@..R....
0x0010: c0a8 0a05 0804 0202 0036 2c32 3c36 3e57 .........6,2<6>W
0x0020: 4150 2d32 2072 675f 7379 7374 656d 5f66 AP-2.rg_system_f
0x0030: 756c 6c3a 3235 353a 206b 696c 6c61 6c6c ull:255:.killall
0x0040: 2072 7432 3530 3061 7064 .rt2500apd

I gather that this means that its facility is kernel and thus I can't
separate it from the local machine.

Craig

 
Old 11-20-2008, 02:32 AM
"Jim Perrin"
 
Default syslog remote computers

On Wed, Nov 19, 2008 at 7:02 PM, Craig White <craigwhite@azapple.com> wrote:
> Trying to figure out if there's a way to get syslog.conf to direct
> remote logging from a wireless access point to log to a separate file
> instead of the main syslog and can't figure out how that could be done
> from man syslog.conf (or man 2/3 of syslog)
>
> this clearly doesn't work
>
> 192.168.1.251.* /var/log/WAP-2.log
>
> which according to the man page, makes sense since this the IP address
> is not a facility.
>
> Is there a way to do this that I am missing?


The stock syslog package can't do this. You need rsyslog to make this
happen. You can set up various templates and filters based on the log
file information also. See
http://www.bofh-hunter.com/2007/12/31/centralized-logging-with-centos-and-rsyslog/
for a brief walkthrough on the basics.

--
During times of universal deceit, telling the truth becomes a revolutionary act.
George Orwell
 
Old 11-22-2008, 09:50 AM
Dag Wieers
 
Default syslog remote computers

On Wed, 19 Nov 2008, Jim Perrin wrote:

> On Wed, Nov 19, 2008 at 7:02 PM, Craig White <craigwhite@azapple.com> wrote:
>> Trying to figure out if there's a way to get syslog.conf to direct
>> remote logging from a wireless access point to log to a separate file
>> instead of the main syslog and can't figure out how that could be done
>> from man syslog.conf (or man 2/3 of syslog)
>>
>> this clearly doesn't work
>>
>> 192.168.1.251.* /var/log/WAP-2.log
>>
>> which according to the man page, makes sense since this the IP address
>> is not a facility.
>>
>> Is there a way to do this that I am missing?
>
> The stock syslog package can't do this. You need rsyslog to make this
> happen. You can set up various templates and filters based on the log
> file information also. See
> http://www.bofh-hunter.com/2007/12/31/centralized-logging-with-centos-and-rsyslog/
> for a brief walkthrough on the basics.


In RPMforge we have backported rsyslog packages from RHEL5 to RHEL4. In
this case version 2.0.0-11, but when RHEL5.3 is released (or security
updates are released) I am committed to release them for RHEL4.


--
-- dag wieers, dag@centos.org, http://dag.wieers.com/ --
[Any errors in spelling, tact or fact are transmission errors]
 
Old 11-22-2008, 06:14 PM
"Ricardo Carrillo"
 
Default syslog remote computers

mmm I'm not sure if I understood, but when you want to register any
log to a remote host you must do as follows:

mail.* @10.0.1.1

The example above is for registering any mail logs to the remote
host with the 10.0.1.1 IP address.


2008/11/22 Dag Wieers <dag@centos.org>:
> On Wed, 19 Nov 2008, Jim Perrin wrote:
>
>> On Wed, Nov 19, 2008 at 7:02 PM, Craig White <craigwhite@azapple.com>
>> wrote:
>>>
>>> Trying to figure out if there's a way to get syslog.conf to direct
>>> remote logging from a wireless access point to log to a separate file
>>> instead of the main syslog and can't figure out how that could be done
>>> from man syslog.conf (or man 2/3 of syslog)
>>>
>>> this clearly doesn't work
>>>
>>> 192.168.1.251.* /var/log/WAP-2.log
>>>
>>> which according to the man page, makes sense since this the IP address
>>> is not a facility.
>>>
>>> Is there a way to do this that I am missing?
>>
>> The stock syslog package can't do this. You need rsyslog to make this
>> happen. You can set up various templates and filters based on the log
>> file information also. See
>>
>> http://www.bofh-hunter.com/2007/12/31/centralized-logging-with-centos-and-rsyslog/
>> for a brief walkthrough on the basics.
>
> In RPMforge we have backported rsyslog packages from RHEL5 to RHEL4. In this
> case version 2.0.0-11, but when RHEL5.3 is released (or security updates are
> released) I am commited to release them for RHEL4.
>
> --
> -- dag wieers, dag@centos.org, http://dag.wieers.com/ --
> [Any errors in spelling, tact or fact are transmission errors]
> _______________________________________________
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>



--
:::::::::::::::::::::::::::::::::::::::::::::::::: ::::::::::::::::::::::::::::::::::
:: L.I. Ricardo D. Carrillo Sánchez
:: Security Specialist
:: Universidad Nacional Autonoma de Mexico ::
:: Ciudad Universitaria ,
D.F. Mex
:: e-mail prim.: davxoc at gmai dot com
:: e-mail secu.: davxoc at hotmail dot com
:::::::::::::::::::::::::::::::::::::::::::::::::: :::::::::::::::::::::::::::::::::::
 
Old 11-22-2008, 10:17 PM
"Jim Perrin"
 
Default syslog remote computers

On Sat, Nov 22, 2008 at 2:14 PM, Ricardo Carrillo <davxoc@gmail.com> wrote:
> mmm I'm not sure if I understood, but when you want to register any
> log to remote host you must to do as follow:
>
> mail.* @10.0.1.1
>
> The example above is for register any mail logs into mail to remote
> host with 10.0.1.1 ip address

Correct, however as I read the OP's query, he wants them in separate
files. This is something that the default syslog just can't cope with.
With rsyslog, I can create /var/log/hosts/host-a/mail.log,
/var/log/hosts/host-b/mail.log, OR you can do
/var/log/host-A-mail.log, host-B-mail.log etc.

There are several methods with rsyslog to create logging templates, as
well as regex filters and operations that can be performed. It allows
for much greater flexibility when it comes to providing a central
logging facility.




--
During times of universal deceit, telling the truth becomes a revolutionary act.
George Orwell
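The distinction the thread arrives at, as an added example (not code from any poster and not rsyslog's own): the `<6>` at the start of the captured datagram decodes to kern.info, so a facility selector files the access point's messages with the log host's own kernel messages, while a rule keyed on the datagram's source address keeps them apart. The function names, the /var/log/hosts layout and the local sample message are assumptions made for illustration.

```python
import ipaddress
import re
from pathlib import PurePosixPath

FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5",
              "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(rb"^<(\d{1,3})>")

def decode_pri(payload: bytes):
    """Split a BSD-syslog datagram into (facility, severity, text)."""
    m = PRI_RE.match(payload)
    pri = int(m.group(1)) if m else 13      # no PRI header: treat as user.notice
    if pri > 191:                           # 23*8+7 is the largest valid PRI
        pri, m = 13, None                   # invalid PRI: keep the payload whole
    text = payload[m.end():] if m else payload
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7], text.decode("ascii", "replace")

def route_by_facility(facility: str) -> str:
    """What a facility.severity selector can see: the facility, not the sender."""
    return f"/var/log/{facility}.log"

def route_by_source(src_ip: str, base: str = "/var/log/hosts") -> str:
    """Per-sender file keyed on the datagram's source address, not message text."""
    addr = ipaddress.ip_address(src_ip)     # raises ValueError on anything else
    return str(PurePosixPath(base) / f"{addr}.log")

# Payload bytes as shown in the tcpdump capture in the thread.
WAP_PAYLOAD = b"<6>WAP-2 rg_system_full:255: killall rt2500apd"
# Constructed sample: a kernel message generated on the log host itself.
LOCAL_PAYLOAD = b"<6>kernel: eth1: link up"

if __name__ == "__main__":
    for src, payload in (("192.168.1.251", WAP_PAYLOAD), ("127.0.0.1", LOCAL_PAYLOAD)):
        fac, sev, text = decode_pri(payload)
        print(f"{src} {fac}.{sev} -> {route_by_facility(fac)} | {route_by_source(src)}")
```

The file name comes from the validated socket address rather than from the hostname text inside the message, which the sending device controls.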
 
