syslog.conf network messages

Robin Humble rjh-tkNKonCg4laeFQavDyXPBQ at public.gmane.org
Fri Jun 23 21:06:39 UTC 2006


On Tue, Jun 20, 2006 at 03:06:07PM -0400, Jose wrote:
>I've been looking at the man pages for syslog.conf, and I need to start 
>tracing the messages divided by services and more importantly by device 
>(network cards, drives, etc), but I am not sure how to do this.

syslog isn't really meant to be a per-device mechanism.
its facility/priority stuff is also kinda obscure and not super-useful
IMHO.

what sort of messages are you expecting from NICs and drives anyway?

for drives we use smartd which can email when there are problems.
the kernel driver for the NICs will mostly use printk/DPRINTK or
similar and so will get thrown in with all the other kernel messages.

there are also monitoring systems like ganglia and nagios

overall I'd suggest just using tail -f and grep on an existing syslog
file. if you have lots of machines then you can centralise the syslog
data as well as keeping local copies. eg. put
  *.info @192.168.some.ip
at the end of syslog.conf, and start syslogd on the server with -r.
that minimises the number of files that you need to monitor for
unusual activity.

cheers,
robin
--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
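
Added example, not part of Robin's message: one way to do the "grep on an existing syslog file" step over a centralised log, counting lines per host, program and device. The sample lines are constructed, and the line layout and the device-name prefixes (eth*, hd*, sd*) are assumptions.

```shell
#!/bin/sh
# Added example: count lines in a syslogd file per host, program and device.
# Assumed line layout: "Mon DD HH:MM:SS host tag: message".

# Constructed sample of a centralised log (not taken from any real host).
sample_log() {
cat <<'EOF'
Jun 23 21:01:02 node1 kernel: eth0: link down
Jun 23 21:01:05 node1 kernel: eth0: link up, 100Mbps, full-duplex
Jun 23 21:02:10 node2 kernel: hda: dma_intr: status=0x51 { DriveReady SeekComplete Error }
Jun 23 21:03:00 node2 smartd[2101]: Device: /dev/hda, 1 Currently unreadable (pending) sectors
Jun 23 21:04:44 node1 sshd[3120]: Accepted publickey for alice from 192.0.2.10 port 40022 ssh2
Jun 23 21:05:00 node3 kernel: Out of Memory: Killed process 412 (httpd).
EOF
}

# Reads syslog lines on stdin, prints "host<TAB>program<TAB>device<TAB>count".
# Device is "-" when no device name can be recovered from the line.
classify() {
  awk '
  {
    host = $4
    tag = $5
    sub(/:$/, "", tag)            # "kernel:"    -> "kernel"
    sub(/\[[0-9]+\]$/, "", tag)   # "sshd[3120]" -> "sshd"
    dev = "-"
    # Assumption: drivers prefix their printk text with "eth0:", "hda:", "sda:".
    if (tag == "kernel" && $6 ~ /^(eth|hd|sd)[a-z0-9]+:$/) {
      dev = $6
      sub(/:$/, "", dev)
    } else if (tag == "smartd" && match($0, /\/dev\/[a-z0-9]+/)) {
      dev = substr($0, RSTART + 5, RLENGTH - 5)   # strip "/dev/"
    }
    count[host "\t" tag "\t" dev]++
  }
  END { for (k in count) print k "\t" count[k] }
  ' | LC_ALL=C sort
}

sample_log | classify
```

The counts are printed at end of input, so feed it a log file rather than a `tail -f` stream.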