3

I want to set up a simple log server to accept logs from all clients. I am not talking about standard system logs such as /var/log/mail, message, boot, etc. I want to redirect or send application logs, and they may not be using the syslog daemon at all to log their messages.

Such as /appdir/log/error.log.

I ran across many posts on the internet; most suggest using rsyslog or syslog-ng. Well, so far I have been able to redirect the standard system logs, not the application logs. I am using a CentOS 5/6 environment.

MadHatter
chandank

2 Answers

4

There are two main approaches to this I've seen.

Firstly, many applications will have the ability to write to a syslog host natively. This is the best route to go. In other cases I'll use a basic script - something like the one shown below works.

```
sudo tail /my/app/log | nc -w0 -u 192.168.1.1 514
```

EDIT - there is indeed a way to handle this within syslog-ng if you are running it on the system generating the logs. Substitute the naming convention and destination as desired. Something similar is also available for rsyslog but it's clunkier (imho).

```
source s_trbdk3 {
    file("/var/log/trbdk3.log" flags(no-parse) program_override("trbdk3"));
};
log {
    source(s_trbdk3);
    destination(d_mesg);
};
```
Tim Brigham
  • Thanks for the quick reply. So is it not possible to do the same operation via rsyslog or syslog-ng? So far I have only been able to forward standard logs using rsyslog.conf – chandank Oct 19 '12 at 19:07
  • @chandank - that is what I'm describing in my first case. The *application* needs to be configured to send the message to syslog in order to be forwarded. If that isn't possible a script like I've outlined is the next best thing. – Tim Brigham Oct 19 '12 at 19:47
  • Do you mean "natively"? – Michael Hampton Oct 19 '12 at 20:21
  • @MichaelHampton - yes.. Bloody autocorrect on my droid. – Tim Brigham Oct 19 '12 at 20:34
3

rsyslog's imfile input module can:

Provide(s) the ability to convert any standard text file into a syslog message. A standard text file is a file consisting of printable characters with lines being delimited by LF.

You can read the official documentation for more.

I have never tried it, and it may not be terribly efficient, but it sounds like it can do the job.

syslog-ng seems to be able to do something similar with its file() source driver. This example suggests a source declaration like this:

```
source s_all {
    file("/path/to/your/file" follow_freq(1) flags(no-parse));
};
```
chutz
  • Thanks a lot. It finally worked for me using syslog-ng. I am sure it could be done via rsyslog, but I find syslog-ng has a much cleaner design approach than that of rsyslog. – chandank Oct 22 '12 at 01:42
  • It's working now. Is there any way to suppress the syslog header at the destination? Because I am getting 2 timestamps now: one from the client and one the server is adding. – chandank Oct 22 '12 at 18:50
  • @chandank With `syslog-ng` you can use `template` in the `destination` declaration. – chutz Oct 22 '12 at 23:28
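
For the rsyslog imfile route mentioned in the second answer, a configuration along these lines forwards the question's /appdir/log/error.log to a central server. This is an added example, not configuration posted by anyone in the thread; it assumes rsyslog's legacy directive syntax, and the tag, state file name, local6 facility and server-side output path are hypothetical choices (192.168.1.1 is the address used in the first answer).

```conf
# ---- Client: /etc/rsyslog.conf (host running the application) ----
# Load the text-file input module.
$ModLoad imfile

# One block of $InputFile* directives per monitored file.
$InputFileName /appdir/log/error.log
# Tag placed in each generated syslog message (assumed name).
$InputFileTag appdir-error:
# State file (assumed name) where rsyslog remembers its read position,
# so a restart does not resend the whole file.
$InputFileStateFile stat-appdir-error
$InputFileSeverity error
# Dedicated facility (assumed) so these lines can be selected by a rule.
$InputFileFacility local6
# Activate the monitor defined by the directives above.
$InputRunFileMonitor

# Global setting: how often, in seconds, monitored files are polled.
$InputFilePollInterval 10

# Forward everything on local6 to the log server over UDP (single @).
local6.*    @192.168.1.1:514
# Discard what was just forwarded so it is not also written locally.
& ~

# ---- Server: /etc/rsyslog.conf (192.168.1.1) ----
# Accept syslog over UDP on port 514.
$ModLoad imudp
$UDPServerRun 514

# Write the forwarded application lines to their own file (assumed path).
local6.*    /var/log/remote/appdir-error.log
& ~
```

Restart rsyslog on both hosts after editing. UDP forwarding is unauthenticated and unencrypted, so restrict port 514 on the server to the client addresses that are expected to send.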