Back to the sea ; the logging program (Syslog), episode VIII
Logs are to a program what speech is to a human.
People say what’s wrong (most of the time ;), programs log it.
Here’s how I use syslog-ng to get a central syslog system.
Installation
Syslog-NG is available as a binary package:
# pkg_add http://ftp.fr.openbsd.org/pub/OpenBSD/4.8/packages/amd64/syslog-ng-3.1.1p0.tgz
Replace syslogd with syslog-ng:
# vi /etc/rc
#syslogd ${syslogd_flags}
ldconfig /usr/local/lib
syslogng_flags=""
/usr/local/sbin/syslog-ng ${syslogng_flags}
# vi /etc/rc.conf.local
syslogng_flags=""
# crontab -e
#0 * * * * /usr/bin/newsyslog
Configuration
Create the directory that will host the logs:
# mkdir /home/log
Edit the configuration file:
# vi /etc/syslog-ng/syslog-ng.conf
@version: 3.0
options {
    create_dirs(yes);       # create missing directories under /home/log on demand
    perm(0644);
    dir_perm(0755);
    chain_hostnames(no);
    use_dns(yes);           # resolve sender addresses to names for $HOST
    dns_cache(yes);
    dns_cache_size(64);
};
source logs {
    internal();
    udp(port (514));        # remote syslog clients
    unix-dgram ("/dev/log");
    # log sockets inside the chroots
    unix-dgram ("/var/empty/dev/log");
    unix-dgram ("/var/named/dev/log");
    unix-dgram ("/var/www/dev/log");
};
destination application { file("/home/log/$HOST/$PROGRAM/$YEAR$MONTH$DAY"); };
destination messages { file("/home/log/$HOST/messages/$YEAR$MONTH$DAY"); };
destination postfix { file("/home/log/$HOST/postfix/$YEAR$MONTH$DAY"); };
filter postfix { program("postfix"); };
# postfix messages go to a single per-host postfix file, then processing stops
log { source(logs); filter(postfix); destination(postfix); flags(final); };
# everything else goes to one file per program, then processing stops
log { source(logs); destination(application); flags(final); };
# not reached: the unfiltered final path above already took every message
log { source(logs); destination(messages); };
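An added example, not part of the original post: a small Python check over the log paths above. It reports that the unfiltered flags(final) path to application leaves the messages destination with nothing to receive, and that the application path takes $PROGRAM from messages arriving on udp(514), so a remote sender chooses that directory name. The parse and audit helpers are hypothetical names, and the regex parsing assumes single-line statements like the ones here.

```python
import re

# Constructed input: the source, destinations and log paths from the configuration above.
CONF = '''
source logs { internal(); udp(port (514)); unix-dgram ("/dev/log"); };
destination application { file("/home/log/$HOST/$PROGRAM/$YEAR$MONTH$DAY"); };
destination messages { file("/home/log/$HOST/messages/$YEAR$MONTH$DAY"); };
destination postfix { file("/home/log/$HOST/postfix/$YEAR$MONTH$DAY"); };
filter postfix { program("postfix"); };
log { source(logs); filter(postfix); destination(postfix); flags(final); };
log { source(logs); destination(application); flags(final); };
log { source(logs); destination(messages); };
'''

def parse(conf):
    """Return (log paths in order, destination -> file template, sources with a udp() driver)."""
    paths = [{
        "sources": re.findall(r'source\((\w+)\)', body),
        "filters": re.findall(r'filter\((\w+)\)', body),
        "dests": re.findall(r'destination\((\w+)\)', body),
        "final": bool(re.search(r'flags\([^)]*\bfinal\b', body)),
    } for body in re.findall(r'^log\s*\{(.*)\};', conf, re.M)]
    dests = dict(re.findall(r'^destination\s+(\w+)\s*\{\s*file\("([^"]+)"\)', conf, re.M))
    net = set(re.findall(r'^source\s+(\w+)\s*\{.*\budp\(', conf, re.M))
    return paths, dests, net

def audit(conf):
    """Return findings as (kind, log path number, destination name) tuples."""
    paths, dests, net = parse(conf)
    findings, consumed = [], set()
    for n, p in enumerate(paths, 1):
        for src in p["sources"]:
            if src in consumed:
                # An earlier unfiltered flags(final) path already took every message from src.
                findings += [("unreachable", n, d) for d in p["dests"]]
            elif p["final"] and not p["filters"]:
                consumed.add(src)
            if src in net:
                # $PROGRAM is copied from the message, so a network sender picks the path component.
                findings += [("sender-chosen-path", n, d) for d in p["dests"]
                             if "$PROGRAM" in dests.get(d, "")]
    return findings

if __name__ == "__main__":
    for kind, n, dest in audit(CONF):
        print(f"log path {n}: destination '{dest}' -> {kind}")
```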
When syslog-ng is running, just delete what’s in /var/log.
That’s All Folks!