Syslog alone can do what you are asking, though syslog-ng will provide more flexibility. In the syslog.conf file of your remote_machine, you need to specify the appropriate actions to be taken. In your example below, you are telling the Linux machines where to send syslog messages based on the "facility.priority". In your case, to remote_machine. When remote_machine receives these messages, it will perform an action based on what its own syslog.conf file tells it. For example, on remote_machine you might have (from the Linux man page for syslog.conf):

    # Kernel messages are first, stored in the kernel
    # file, critical messages and higher ones also go
    # to another host and to the console
    #
    kern.*                  /var/adm/kernel
    kern.crit               @finlandia
    kern.crit               /dev/console
    kern.info;kern.!err     /var/adm/kernel-info

The actions (right side) define what to do for the facility.priority. You can assign different directory and file names if you want. This should really only be necessary, however, if you are using an application that performs syslog logging and you want those separate (i.e. snort).

At 02:57 PM 10/28/2002 -0800, cert wrote:
>I was wondering what kind of information people used to log on a remote
>syslog server.
>
>I mean, for every Linux machine I have, I use to log those facilities and
>priorities:
>
>authpriv.* @remote_machine
>kern.info @remote_machine
>syslog.info @remote_machine
>*.emerg @remote_machine
>
>If there is too much information, I use higher priority level than .info for
>kern and syslog facilities.
>
>Is that a good practice or am I logging garbage?
>
>Another point is if someone knows if I can log in a certain directory in a
>remote host. Seems that I can't. Is that possible?
>
>Thanks in advance
>
>Ricardo Pires
>
>
>-----------------------------------------------------------------
>This list is provided by the SecurityFocus ARIS analyzer service.
>For more information on this free incident handling, management
>and tracking system please see: http://aris.securityfocus.com
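Added example, not part of the original message: a small Python evaluator for the selector rules in the man page excerpt above, showing which actions a given facility.priority triggers on the receiving host. It implements only a subset of the selector syntax described in the Linux syslog.conf man page (comma-separated facilities, "*", "none", and the "=" and "!" priority modifiers); the function names are hypothetical.

```python
# Added example: evaluates sysklogd-style selectors (subset of syslog.conf syntax).
PRIOS = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]

# Rules copied from the syslog.conf man page excerpt quoted in the message.
RULES = [
    ("kern.*", "/var/adm/kernel"),
    ("kern.crit", "@finlandia"),
    ("kern.crit", "/dev/console"),
    ("kern.info;kern.!err", "/var/adm/kernel-info"),
]

def selector_matches(selector, facility, priority):
    """Return True if a message with facility.priority is selected."""
    level = PRIOS.index(priority)
    selected = False
    for part in selector.split(";"):      # parts are applied left to right
        facs, _, prio = part.strip().partition(".")
        if facs != "*" and facility not in facs.split(","):
            continue
        negate = prio.startswith("!")     # "!" removes priorities instead of adding
        prio = prio.lstrip("!")
        exact = prio.startswith("=")      # "=" means this priority only
        prio = prio.lstrip("=")
        if prio == "none":                # "none" drops the facility entirely
            selected = False
            continue
        if prio == "*":
            hit = True
        elif exact:
            hit = level == PRIOS.index(prio)
        else:
            hit = level >= PRIOS.index(prio)   # named priority and higher
        if negate and hit:
            selected = False
        elif hit and not negate:
            selected = True
    return selected

def actions_for(facility, priority, rules=RULES):
    """List every action (file, @host, device) a message would be sent to."""
    return [act for sel, act in rules if selector_matches(sel, facility, priority)]

if __name__ == "__main__":
    for prio in PRIOS:
        print(f"kern.{prio:8} -> {actions_for('kern', prio)}")
```

Running it prints the destination list for each kernel priority, which makes the effect of "kern.info;kern.!err" (info up to warning only) visible at a glance.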
This archive was generated by hypermail 2b30 : Wed Oct 30 2002 - 07:16:45 PST