I have a few particular applications that are causing a LOT of logs in my syslog server. I would like to keep all of their logging in /var/log/messages or somewhere on the server, but I am trying to find a way to only send syslog messages to the syslog server for these apps if they are warning or above. Is there an entry I can enter into the syslog-ng.conf to parse out stuff below "warn" for particular apps?
1 Answer
You can edit /etc/rsyslog.conf and change the logs, for example:
auth.*,authpriv.* /var/log/auth.log
*.warn,*.err,*.crit,*.alert,*.emerg /var/log/syslog
daemon.warn,daemon.err,daemon.alert,daemon.emerg /var/log/daemon.log
kern.warn,kern.err,kern.crit,kern.alert,kern.emerg /var/log/kern.log
lpr.warn,lpr.err,lpr.crit,lpr.alert,lpr.emerg /var/log/lpr.log
mail.warn,mail.err,mail.crit,mail.alert,mail.emerg /var/log/mail.log
user.warn,user.err,user.crit,user.alert,user.emerg /var/log/user.log
news.warn,news.err,news.crit,news.alert,news.emerg /var/log/news.log
cron.warn,cron.err,cron.crit,cron.alert,cron.emerg /var/log/cron.log
will log only emerg, crit, warn, alert messages (except auth in this case)
If you change the target folders, don't forget to update logrotate in /etc/logrotate.d/ (if you have logrotate installed).
With this config you should not have a lot of logs. Otherwise you have to worry about the messages you get.

Froggiz
This is for rsyslog. Do you know if this same configuration works in syslog-ng? – JustNobody30 Oct 29 '15 at 17:06
Nope, it is totally different => https://www.balabit.com/sites/default/files/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/syslog-ng.conf.5.html, you should make the information clearer to avoid mistakes like that ;) – Froggiz Oct 29 '15 at 17:16
I did mention in the issue as well as in the tag that I was using syslog-ng. Your information is really helpful though; I will have a look at the man page you sent. – JustNobody30 Oct 29 '15 at 17:22
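
For syslog-ng, which the question asks about, the same goal can be expressed with filters, as in this added example (it is not from any of the posts above). The source name s_src, the program names noisyapp1 and noisyapp2, and the server logserver.example.com on UDP 514 are assumptions to be replaced with local values.

```conf
# Fragment for an existing syslog-ng.conf (added example).
# Assumed names, not from the page: s_src (the local source already
# defined in the file), noisyapp1 / noisyapp2 (program names of the
# chatty applications), logserver.example.com (the central server).
# If d_messages or a remote destination is already defined in the file,
# reuse the existing name instead of declaring it a second time.

destination d_messages { file("/var/log/messages"); };
destination d_remote   { udp("logserver.example.com" port(514)); };

# program() takes a regular expression matched against the program name.
filter f_noisy_apps { program("noisyapp1") or program("noisyapp2"); };

# warning and everything more severe: warning, err, crit, alert, emerg.
filter f_warn_up { level(warning..emerg); };

# What may leave the host: all messages from other programs, but only
# warning-and-above from the noisy ones.
filter f_to_remote { not filter(f_noisy_apps) or filter(f_warn_up); };

# Local copy: no filter, so every message stays available on this host.
log { source(s_src); destination(d_messages); };

# Remote copy: same source, filtered before forwarding.
log { source(s_src); filter(f_to_remote); destination(d_remote); };
```

Because the local log path has no filter, debug, info and notice messages from the noisy applications remain in /var/log/messages for investigation even though they are no longer forwarded.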