Logs are to a program what speech is to a human.
People say what's wrong (most of the time ;), programs log it.
Here's how I use syslog-ng to get a central syslog system.
Installation
Syslog-NG is available as a binary package:
# pkg_add http://ftp.fr.openbsd.org/pub/OpenBSD/4.8/packages/amd64/syslog-ng-3.1.1p0.tgz
Replace syslogd with syslog-ng:
# vi /etc/rc
    #syslogd ${syslogd_flags}
    ldconfig /usr/local/lib
    syslogng_flags=""
    /usr/local/sbin/syslog-ng ${syslogng_flags}
# vi /etc/rc.conf.local
    syslogng_flags=""
# crontab -e
    #0 * * * * /usr/bin/newsyslog
Configuration
Create the directory that will host the logs:
# mkdir /home/log
Edit the configuration file:
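# mkdir -p /home/log/etc/syslog-ng/
# vi /etc/syslog-ng/syslog-ng.conf
    @version: 3.0

    # Global options: create per-host/per-program directories on demand.
    # perm(0644) and dir_perm(0755) make the collected logs world-readable.
    options {
        create_dirs(yes);
        perm(0644);
        dir_perm(0755);
        chain_hostnames(no);
        use_dns(yes);
        dns_cache(yes);
        dns_cache_size(64);
    };

    # Sources: syslog-ng itself, remote hosts over UDP 514, and the local
    # log sockets (including those inside the chroots).
    source logs {
        internal();
        udp(port (514));
        unix-dgram ("/dev/log");
        unix-dgram ("/var/empty/dev/log");
        unix-dgram ("/var/named/dev/log");
        unix-dgram ("/var/www/dev/log");
    };

    # Destinations: one file per host, per program (or category), per day.
    destination application { file("/home/log/$HOST/$PROGRAM/$YEAR$MONTH$DAY"); };
    destination messages { file("/home/log/$HOST/messages/$YEAR$MONTH$DAY"); };
    destination postfix { file("/home/log/$HOST/postfix/$YEAR$MONTH$DAY"); };

    filter postfix { program("postfix"); };

    # Log paths are evaluated in order; flags(final) stops processing for
    # every message that matched the statement.
    log { source(logs); filter(postfix); destination(postfix); flags(final); };
    # No filter here, so every remaining message matches and stops at this
    # statement; nothing reaches the "messages" log path below.
    log { source(logs); destination(application); flags(final); };
    log { source(logs); destination(messages); };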
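To check where a given message ends up under the three log statements above, here is a small model of their evaluation order. It is an added example, not part of the original post and not syslog-ng code; it assumes the program() filter is an unanchored regular-expression match on $PROGRAM, and the host names and the date are constructed sample values.

```python
import re
from datetime import date

# The three log statements from the configuration above, in order:
# (filter regex on $PROGRAM or None, destination template, has flags(final))
LOG_PATHS = [
    (r"postfix", "/home/log/$HOST/postfix/$YEAR$MONTH$DAY", True),
    (None, "/home/log/$HOST/$PROGRAM/$YEAR$MONTH$DAY", True),
    (None, "/home/log/$HOST/messages/$YEAR$MONTH$DAY", False),
]

def expand(template, host, program, day):
    """Substitute the macros used in the destination file() templates."""
    values = {"HOST": host, "PROGRAM": program, "YEAR": f"{day.year:04d}",
              "MONTH": f"{day.month:02d}", "DAY": f"{day.day:02d}"}
    return re.sub(r"\$([A-Z]+)", lambda m: values[m.group(1)], template)

def route(host, program, day):
    """Return every file a message is written to, honouring flags(final)."""
    written = []
    for pattern, template, final in LOG_PATHS:
        if pattern is not None and not re.search(pattern, program):
            continue  # filter did not match, try the next log statement
        written.append(expand(template, host, program, day))
        if final:
            break  # flags(final): no later log statement sees this message
    return written

def unreachable_paths():
    """Indexes of log statements shadowed by an earlier unfiltered final one."""
    shadowed, blocked = [], False
    for i, (pattern, _, final) in enumerate(LOG_PATHS):
        if blocked:
            shadowed.append(i)
        if pattern is None and final:
            blocked = True
    return shadowed

# Constructed sample messages (host, program), not taken from real logs.
SAMPLES = [("mail.example.org", "postfix/smtpd"), ("fw.example.org", "sshd")]

if __name__ == "__main__":
    for host, program in SAMPLES:
        print(program, "->", route(host, program, date(2011, 1, 15)))
    print("never reached:", unreachable_paths())
```

The directory name in the second template comes from the $PROGRAM value of the message, which for the udp() source is supplied by the sending host.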
When syslog-ng is running, just delete what's in /var/log.
That’s All Folks!