1

I have a syslog server, which separates logging informations according to hostnames. It can separate messages if it's in the 'local1' facility.

I have a mail server, which sends messages to the 'mail' facility. I would like to forward these messages to 'local1', keeping the original mail.* logs on the host, and then send it to the syslog server.

Is there any (easy) way I can replicate mail messages to the 'local1' facility?

Thank You!

EDIT:

All I could think of is calling a command like this (although for some reason this doesn't work)

$template LoggerTempl," -p local1.%SYSLOGSEVERITY-TEXT% -t %SYSLOGTAG% \"%TIMESTAMP% %HOSTNAME% %syslogtag%%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\""
mail.* ^/usr/bin/logger;LoggerTempl
Zoltan Szeder
  • 98
  • 1
  • 9

1 Answers1

1

It depends on the syslog on your server systems.

In case of RSYSLOG you can just so set up your config like that:

mail.*   @@other-server.example.net:10514

Source: http://www.rsyslog.com/sending-messages-to-a-remote-syslog-server/

EDIT

If you want to replicate mail.* log on the same server just add another line with the same condition:

mail.*                       /var/log/maillog
mail.*                       /var/log/local1

Check there for the config files in /etc/rsyslog.d/* and restart the rsyslog service.

wittich
  • 147
  • 1
  • 10
  • I'm sorry if I wasn't clear. For now, I just want to forward the mail facility to the local1 facility, not to another server. – Zoltan Szeder Jun 20 '15 at 13:01
  • Sorry @ZoltanSzeder I 'm still totally sure if I have understand what you want. But I modified my answer... Hope it answer your demand. – wittich Jun 20 '15 at 13:39
  • I would like to refer to these messages as `local1.*` in the rsyslog configuration. – Zoltan Szeder Jun 21 '15 at 07:44
  • I don't know if that is possible and I don't understand the sense of it. Isn't it enough that it get logged in the local1 logfile? – wittich Jun 21 '15 at 08:36