
How To Make All Logs To Go To a Specific File.

SOLVED
Mousa55
Super Advisor

Hi All,

I successfully configured a syslog server on RHEL 5.5 to collect logs from HP-UX servers and Cisco devices. But my problem is that when I create a log file on the syslog server for each server and router, I see all the logs of the HP-UX servers and Cisco devices in each log file I created on the syslog server.

And see below for all configuration.
==============================
First On Client Server Ex. HP-UX Server
Hostname: ruxdb02
IP Address: 10.8.1.51
==============================
1. Log in as root

# more /etc/syslog.conf

# syslogd configuration file.
#
# See syslogd(1M) for information about the format of this file.
#
mail.debug /var/adm/syslog/mail.log
*.info;mail.none /var/adm/syslog/syslog.log
*.alert /dev/console
*.alert root
*.emerg *
*.debug @10.15.1.5

# more /etc/hosts

10.15.1.5 syslog

# /sbin/init.d/syslogd stop
# syslogd -v
# kill -HUP `cat /etc/syslog.pid`
# /sbin/init.d/syslogd start
==============================
Second On Syslog Server
Hostname: syslog
IP Address: 10.15.1.5
==============================
1. vi /etc/sysconfig/syslog

2. Change:
SYSLOGD_OPTIONS="-m 0"

To:
SYSLOGD_OPTIONS="-m 0 -r -x"

3. Restart the syslogd daemon

# /etc/init.d/syslog restart

And then you receive all logs in

/var/log/messages

4. If you want to put logs from the HP-UX system, Windows logs, and Cisco logs all into separate files on the Red Hat syslog server

On the syslogd server - add for every client (UNIX, Windows, Cisco Devices)
in /etc/syslog.conf

# touch /var/log/ruxdb02.log
# touch /var/log/ruxdb01.log

# vi /etc/syslog.conf
+ruxdb02
*.* /var/log/ruxdb02.log

+ruxdb01
*.* /var/log/ruxdb01.log


Restart syslog daemon (after every edit on this file /etc/syslog.conf) .
# /etc/init.d/syslog restart
============================================================================

I can now see all logs of ruxdb02 in all the files I created

/var/log/ruxdb02.log
/var/log/ruxdb01.log
/var/log/messages

How can I solve this problem and make all logs go to a specific file?

Thanks and Best Regards
8 REPLIES
Matti_Kurkela
Honored Contributor

Re: How To Make All Logs To Go To a Specific File.

+ruxdb02
*.* /var/log/ruxdb02.log

+ruxdb01
*.* /var/log/ruxdb01.log

The lines with + signs are not part of the standard syslog configuration syntax: the basic syslog package won't understand them.
RHEL 5.2 and above have enhanced versions available, but they're optional.

If a standard syslog daemon does not understand a configuration line, it will ignore that line. Apparently that's happening with your configuration.

Run this command to see which package provides the syslog function on your server:

rpm -q --whatprovides syslog

If it says something like "sysklogd-", you have the old basic syslog package. If it says something different (e.g. like "rsyslog-") you have an enhanced syslog package.

But the "+ruxdbNN" lines don't seem like correct configuration lines for rsyslog either: just what instructions were you following?

MK
Mousa55
Super Advisor

Re: How To Make All Logs To Go To a Specific File.

Hi All,

# rpm -q --whatprovides syslog
sysklogd-1.4.1-46.el5

What are the correct configuration lines in this case?

Thanks
Mousa55
Super Advisor

Re: How To Make All Logs To Go To a Specific File.

Hi All,

I am still waiting.

Thanks
Matti_Kurkela
Honored Contributor
Solution

Re: How To Make All Logs To Go To a Specific File.

Sorry, your problem cannot be solved with the sysklogd package. It does not have the required functionality.

You'll need to transition to rsyslog instead. It's available in RHEL 5.2 and later, although not installed by default.

Be advised, your original syntax is not applicable to rsyslog either. It's probably for some modified version of sysklogd package. You'll have to read the rsyslog documentation and the examples on web pages listed below to see how to configure rsyslog to fulfill your requirements:

http://wiki.rsyslog.com/index.php/Red_Hat

This is from the time when official RHEL 5.x rsyslog packages weren't yet available. However, it's still useful as a configuration example:

http://tanso.net/rsyslog/

Google for "RHEL5 rsyslog" and you'll find a lot more information.

MK
Mousa55
Super Advisor

Re: How To Make All Logs To Go To a Specific File.

Hi,

I installed the "rsyslog-3.12.0-1.fc8.src.rpm" package on my server. But now, how can I configure the Linux server to receive logs from different hosts in different files?

Thanks
Mousa55
Super Advisor

Re: How To Make All Logs To Go To a Specific File.

Hi,

The "rsyslog-3.22.1-3.el5_5.1.x86_64.rpm" has been installed successfully. But now, how can I start configuring rsyslogd on the Linux server to collect different logs from different hosts in different files?

Thanks
Matti_Kurkela
Honored Contributor

Re: How To Make All Logs To Go To a Specific File.

By looking at the first example in the "Configuration" section on web page

http://tanso.net/rsyslog/
(*which I already pointed to you*)

...I see this configuration example:

$template DailyPerHostLogs,"/var/log/rsyslog/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%.log"
*.* -?DailyPerHostLogs

In your case, this could be simplified to:

$template PerHostLogs,"/var/log/%HOSTNAME%.log"

*.* -?PerHostLogs

(that's two lines; you won't need anything more in your /etc/rsyslog.conf file.)

For more details and examples, read the rsyslog documentation by using the command "man rsyslog.conf" or at:
http://www.rsyslog.com/doc/manual.html

MK
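
The per-host template from the answer above, placed in a complete collector configuration. This is an added example, not part of the original posts and not the rsyslog project's own configuration. It assumes rsyslog 3.x started in native mode with DNS lookups off (`SYSLOGD_OPTIONS="-c3 -x"` in /etc/sysconfig/rsyslog); the choice of %FROMHOST% instead of %HOSTNAME% and the `/var/log/messages` rule are assumptions, and 10.8.1.51 is the HP-UX client from the question.

```conf
# /etc/rsyslog.conf on the collector (rsyslog 3.x, native mode: rsyslogd -c3 -x)

# Inputs are loaded as modules in v3 native mode. The UDP listener is
# enabled here rather than with the sysklogd-style "-r" switch.
$ModLoad imuxsock        # local log socket
$ModLoad imklog          # kernel messages
$ModLoad imudp
$UDPServerRun 514

# "PerHostLogs" is the template NAME. %FROMHOST% is a message PROPERTY that
# rsyslog fills in for every message; it is not edited to a host name by hand.
# %HOSTNAME% comes from the syslog header, which the sender chooses, so a
# client can write into another host's file. %FROMHOST% is the peer the
# collector actually received the datagram from (an IP address with -x).
$template PerHostLogs,"/var/log/%FROMHOST%.log"

# Route the HP-UX client to its own file, then discard the message so it
# does not also match the local rules below. The "?" action must reference
# the template name defined above. Repeat the pair for each sender address.
:fromhost, isequal, "10.8.1.51"    -?PerHostLogs
& ~

# Local rules follow; remote messages discarded above never reach them.
*.info;mail.none;authpriv.none;cron.none    /var/log/messages
```

UDP source addresses can still be forged by anyone who can reach port 514, so restrict that port to the known client addresses at the host firewall.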
Mousa55
Super Advisor

Re: How To Make All Logs To Go To a Specific File.

Hi Matti,

I have some questions.
Thanks for your support, but rklogd is not available on my system. Where can I install the rklogd package for RHEL 5.5 from?
# ls -Z /sbin/rklogd
ls: /sbin/rklogd: No such file or directory
but
# ls -Z /sbin/klogd
-rwxr-xr-x root root system_u:object_r:klogd_exec_t /sbin/klogd
=============================================
And I don't need to edit the /etc/sysconfig/rsyslog file to change SYSLOGD_OPTIONS="-m 0"
To:
SYSLOGD_OPTIONS="-m 0 -r -x" and just only add these two lines to /etc/rsyslog.conf

$template PerHostLogs,"/var/log/%HOSTNAME%.log"

*.* -?PerHostLogs

In my case the first host is ruxdb01 and the log file of this host is Ruxdb01.log, so

$template PerHostLogs,"/var/log/%Ruxdb01%.log"

*.* -?ruxdb01 ===> this line 41
I see this error in the syslog file and there is no output in Ruxdb01.log
"
the last error occured in /etc/rsyslog.conf, line 41

Could not find template 'ruxdb01' - action disabled"
=============================================
And I am facing an error when I try to start or stop rsyslog.

# /etc/init.d/rsyslog stop
Shutting down system logger: [ OK ]
# /etc/init.d/rsyslog start
Starting system logger: usage: rsyslogd [-c] [-46AdnqQvwx] [-l] [-s]
[-f] [-i] [-N] [-M]
[-u]
To run rsyslogd in native mode, use "rsyslogd -c3 "
[FAILED]
# rsyslogd -c3
# /etc/init.d/rsyslog start
Starting system logger:
=============================================
I didn't forget points

Thanks