Logging remote host to specific logfile with syslog-ng on Ubuntu
To log to a specific log file based on its host/IP you need to use syslog-ng, as the regular syslog daemon does not allow this. You can easily install syslog-ng, which is a pre-configured replacement for syslog/klog.
# apt-get install syslog-ng
Now we need to modify the configuration. Edit /etc/syslog-ng/syslog-ng.conf and first add UDP listening to accept remote syslogs. We could do this under the s_all source, but we need to define a different source so our remote hosts' logs do not get mixed in with our regular ones. Place this after source s_all is finished:
source s_net { udp (); };
Now, further down where logging starts, we first add a filter for our OpenWrt host, using its IP to do this. Then we add a log file destination for that specific host. After that we put in the log definition with our newly created source, our host filter, and our file destination:
filter f_openwrt { host( "192.168.1.1" ); };
destination df_openwrt { file("/var/log/openwrt.log"); };
log { source ( s_net ); filter( f_openwrt ); destination ( df_openwrt ); };
Go ahead and restart syslog-ng now:
# /etc/init.d/syslog-ng restart
Since we added a new logfile, we need to modify /etc/logrotate.d/syslog-ng. This will make sure our new logfile gets rolled. This entry has to go in before the last one, which restarts the syslog-ng daemon. Here's what I put in:
/var/log/openwrt.log {
    rotate 7
    weekly
    missingok
    notifempty
    compress
}
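
A check on the f_openwrt filter from the steps above, as an added example that is not part of the original page: host() matches its argument as a regular expression against the message's host field, so the script below shows which hosts the pattern "192.168.1.1" selects compared with an escaped, anchored form. It assumes the match is unanchored and uses grep -E as a stand-in for syslog-ng's regex engine; the sample hosts and the names hosts_matching, PAGE_PATTERN and STRICT_PATTERN are constructed for illustration.

```shell
#!/bin/sh
# Added example: which HOST values would end up in /var/log/openwrt.log
# if the f_openwrt pattern is evaluated as an unanchored regex.
# Assumption: grep -E behaves like syslog-ng's regex match for this pattern.

# Constructed sample HOST values, one per line.
SAMPLE_HOSTS='192.168.1.1
192.168.1.10
192.168.1.100
192.168.1.254
192.168.111.5
10.192.168.1.1
192.168.2.1'

# Print the sample hosts selected by the regex in $1, space-separated.
hosts_matching() {
    printf '%s\n' "$SAMPLE_HOSTS" | grep -E -- "$1" | paste -sd ' ' -
}

# Pattern exactly as written in the f_openwrt filter: every "." matches
# any character and the match may start or end anywhere in the value.
PAGE_PATTERN='192.168.1.1'

# Same address with the dots escaped and both ends anchored.
STRICT_PATTERN='^192\.168\.1\.1$'

echo "page pattern   -> $(hosts_matching "$PAGE_PATTERN")"
echo "strict pattern -> $(hosts_matching "$STRICT_PATTERN")"
```

syslog-ng also provides a netmask() filter, which compares the sender's source address instead of applying a regex to the host field.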