syslog.conf network messages

[Jose]

Robin Humble wrote:
> On Tue, Jun 20, 2006 at 03:06:07PM -0400, Jose wrote:
>   
>> I've been looking at the man pages for syslog.conf, and I need to start 
>> tracing the messages divided by services and more importantly by device 
>> (network cards, drives, etc), but I am not sure how to do this.
>>     
>
> syslog isn't really meant to be a per-device mechanism.
> its facility/priority stuff is also kinda obscure and not super-useful
> IMHO.
>
> what sort of messages are you expecting from NICs and drives anyway?
>
> for drives we use smartd which can email when there are problems.
> the kernel driver for the NICs will mostly use printk/DPRINTK or
> similar and so will get thrown in with all the other kernel messages.
>
> there are also montoring systems like ganglia and nagios
>
> overall I'd suggest just using tail -f and grep on an existing syslog
> file. if you have lots of machines then you can centralise the syslog
> data as well as keeping local copies. eg. put
>   *.info @192.168.some.ip
> at the end of syslog.conf, and start syslogd on the server with -r.
> that minimises the number of files that you need to monitor for
> unusual activity.
>
> cheers,
> robin
> --
> The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
> TLUG requests: Linux topics, No HTML, wrap text below 80 columns
> How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
>
>
>   
Basically, we need to create a mechanism that would allow us to strip 
down messages coming in, may be on a daily basis according to the device 
in a different log file, so I thought that I could configure using 
syslog.conf to enforce it to catch the messages by device and pointing 
them to different files maybe using the local*, but I am not sure if 
this is possible at all.

Any advice

Thanks again for your time

J
--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml