Logging with syslog-ng

In the previous section, we talked about the shortcomings of the syslog method of logging. The syslog-ng method goes further with the logging process by allowing you to specify regular expressions that match the content of a message and by logging to specific files based on what the message contains. For example, the Linux firewall command iptables enables you to specify a logging prefix. If you were to use syslog-ng, you could specify that any message intercepted by syslog-ng that contains your logging prefix is written to a specific file.

Another really useful feature of syslog-ng, especially if you are setting up a centralized logging host, is that you can save the messages to a specific file in a specific directory based on where the messages originated. All of these things add up to a more granular experience for organizing your log files with syslog-ng.

The configuration file for syslog-ng is /etc/syslog-ng/syslog-ng.conf. There is also a file /etc/sysconfig/syslog that sets various parameters controlling the general behavior of syslog-ng.

YaST is a very capable configuration manager when it comes to services; it is able to control them in a user-friendly fashion. If you feel uncomfortable letting YaST control the configuration of your services, you can turn this off. By default, YaST automatically starts a process named SuSEconfig to dynamically update your system based on the contents of the files in /etc/sysconfig to ensure that the system can maintain your configuration changes. If you do not want YaST to maintain a particular service, find the file that controls the general use of that particular service in /etc/sysconfig.

The syslog-ng configuration file contains three important definitions that make up a log profile:

■ The log source: The program or system capability that generates the log data

■ The filter: Any filters that should be applied to the messages that are being logged

■ The log destination: The local file or network designation to which log messages should be sent

In the default syslog-ng configuration that is installed, all of the default log profiles used in syslog are also in the syslog-ng configuration. As an example, we will examine the components that make up the iptables logging rules — the log source, the filter, and the log destination — as they describe the three main components of syslog-ng and also show the regular expression features of syslog-ng.
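The following syslog-ng.conf fragment is an added example, not taken from the book or from the SUSE default file, and it ties the three components together for the iptables case described above as well as the per-host destination mentioned for a centralized logging host. It assumes the iptables rules were created with --log-prefix "FW-DROP: " and that remote hosts send their syslog traffic to this machine on UDP port 514; the source, filter and destination names are our own choices.

```conf
# Added example syslog-ng.conf fragment (not the book's or the SUSE default file).
# Assumes: iptables rules use --log-prefix "FW-DROP: " and other hosts send
# syslog traffic to this machine on UDP port 514.

options {
    # Create /var/log/hosts/<hostname>/ on demand for the per-host destination
    create_dirs(yes);
    # Keep the originating host's name instead of the name of a relay
    keep_hostname(yes);
};

# 1. Log sources: local kernel and application messages, plus remote syslog
source src {
    internal();
    unix-dgram("/dev/log");
    file("/proc/kmsg" log_prefix("kernel: "));
};
source s_remote {
    udp(ip("0.0.0.0") port(514));
};

# 2. Filter: the --log-prefix string, restricted to the kernel facility so an
#    ordinary process cannot inject a matching line into the firewall log
filter f_iptables {
    facility(kern) and match("FW-DROP: ");
};

# 3. Destinations: a dedicated firewall log, and one file per sending host
#    ($HOST, $YEAR, $MONTH, $DAY are syslog-ng macros expanded per message)
destination d_firewall {
    file("/var/log/firewall" owner(root) group(root) perm(0640));
};
destination d_per_host {
    file("/var/log/hosts/$HOST/$YEAR-$MONTH-$DAY.log" perm(0640));
};

# Log statements connect a source, an optional filter and a destination
log { source(src); filter(f_iptables); destination(d_firewall); };
log { source(s_remote); destination(d_per_host); };
```

After editing the file, restart syslog-ng and check that a dropped packet appears in /var/log/firewall rather than only in /var/log/messages.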

