-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tuesday, 2008-11-25 at 22:23 +0100, LLLActive@GMX.Net wrote:
Carlos E. R. wrote:
Just configure /etc/syslog-ng/syslog-ng.conf appropiately.
Great, now it can do some selected reporting. What do you think of this?
/etc/syslog.conf (on a SLES 9 system)
Ah, that's not syslog-ng (next generation syslog). You have the classic one, it has less options to configure.
# # Warnings in one file # *.=warning;*.=err -/var/log/warn # *.crit /var/log/warn *.crit;kern.none /var/log/critical kern.* /var/log/kernel
I would use "-/var/log/kernel",, I think - unless I'm investigating a bug.
# save the rest in one file # *.*;mail.none;news.none;kern.none -/var/log/messages
# # enable this, if you want to keep all messages # in one file *.* -/var/log/allmessages
# Emergency messages will be displayed using wall # *.=emerg *
I have some problems with a database. It reports into the messages log file.
What's the problem, you want it somewhere else? There is little control with syslog, that's why syslog-ng is better.
The kernel and critical messages now goes to kernel and critical log files respectively, and just to make sure nothing gets lost all messages also goes to the allmessages log file.
Nothing gets lost, unless you mess too much with the configuration :-p The use of the "allmessages" is that, in case of problems, you have all messages in a single file and can see what is happening on other daemons different than the one you investigate. I don't use it. If I need it, I would create it and rotate soon.
OpenSUSE 10.3 does not have a "man syslog.conf" manpage (No manual entry for syslog.conf), perhaps named something else now; syslog.conf does not exist under /etc/. Where is it (it's equivalent)? Looking at /etc/init.d/syslog it seems to use /etc/syslog-ng/syslog-ng.conf and /etc/syslogd with /etc/syslog.conf. I do not see a syslog.conf on my 10.3 systems though?
You choose syslog or syslog-ng, not both. You will have the man page of the one you have installed, not the other. Same applies to the configuration files, which are quite different. The 10.3 systems have the -ng version by default.
# set daemon dependent variables case "$SYSLOG_DAEMON" in syslog-ng) syslog=syslog-ng config=/etc/syslog-ng/syslog-ng.conf params="$SYSLOG_NG_PARAMS" ;; *) syslog=syslogd config=/etc/syslog.conf params="$SYSLOGD_PARAMS" ;; esac
Question: What does the bracket behind syslog-ng) and the *) mean? (I'm no programmer)
If you have syslog-ng installed the script will define certain variables, and else it means you have syslogd and certain other variables. Nothing to worry about :-) - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAkksjPMACgkQtTMYHG2NR9XKIQCfVwbmikW0uQKxsDgX1Fz0fOO8 uPAAn0XEjUX3qc2LZZHQufCk9TSurLNa =wuWS -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org