I have an interesting problem. Maybe someone could help me. I am trying to get syslog on a netapp filer to log remotely. I have placed the exact commands into the filer syslog.conf for local and remote logging.
I also pinged the remote server to make sure that I could get to it in the first place.
I am currently logging to /etc/messages but not to the remove server:
Here is what my stuff looks like
a rdfile of the syslog.conf (names and IPs were changed to protect the innocent)
#5-30-2000 The syslog admin host is <remote box> cron,daemon,kern,syslog.alert;cron,daemon,kern,syslog.err;cron,daemon,kern,s yslo g.crit;cron,daemon,kern,syslog.emerg @10.0.0.1 auth,cron,daemon,kern,syslog.alert;auth,cron,daemon,kern,syslog.err;auth,cro n,da emon,kern,syslog.crit;auth,cron,daemon,kern,syslog.emerg;auth,cron,daemon,ke rn,s yslog.warning /etc/messages
This seems legitimate. But I could be off. Has anyone else had problems doing remote logging?
Nicholas Pesce Internet Production Services Phone: 847 488-6384 Pager: 888 785 3455 Fax: 847 488 3434
Ronan Mullally wrote:
I was just looking at exactly the same thing today, we log all our syslogs out to one server. Everything else works fine, the filer doesn't. Sounds like a bug of some sort: syslog.conf extract from filer: *.info local5@212.111.41.140 and on our loghost: local4.* /var/log/lb # Netapp01 messages local5.* /var/log/netapp01
The one thing I read was that it had to be tab seperated but I've already checked that.
Chris Good wrote:
syslog.conf extract from filer: *.info local5@212.111.41.140
Following up to my own posts, tut tut. As has just been pointed out to me the faility@ convention doesn't work on filers. Anyone have any ideas on how to point the filer to a different faility?
Chris
On Tue, Aug 01, 2000 at 09:16:45PM -0000, Chris Good wrote:
directing to a different facility? I've never seen such a syntax in the syslogd/syslog.conf files I've encountered ("standard" BSD, SunOS, Solaris, Irix, AIX) allowing you to do such a thing (and I can't find that in a recent Debian system either.)
That aside, if you are looking for better filtering at the receiving log host, consider using a different syslogd there (the firewall-toolkit one for example, with its useful regexp features) or (my preference) feeding all your interesting messages into your standard event-handling system.
James.
James R Grinter wrote:
Its pretty standard behaviour networking gear etc to direct syslog requests to a specific facility. I guess I mentally pigeon-hole a filer as an appliance/networking gear rather than a UNIX server.
In any case I think its a pretty usefull thing to be able to do. So how do I go about raising an RFE?
-
chris_good@webtop.com -
James R Grinter -
Pesce, Nicholas (FUSA) -
Ronan Mullally