I have a few particular applications that are causing a LOT of logs in my syslog server. I would like to keep all of their logging in /var/log/messages or somewhere on the server, but I am trying to find a way to only send syslog messages to the syslog server for these apps if they are warning or above. Is there an entry I can enter into the syslog-ng.conf to parse out stuff below "warn" for particular apps?
1 Answer
You can edit /etc/rsyslog.conf and change the logs, for example:

    # selector(s)                                             destination file
    auth.*,authpriv.* /var/log/auth.log
    *.warn,*.err,*.crit,*.alert,*.emerg /var/log/syslog
    daemon.warn,daemon.err,daemon.alert,daemon.emerg /var/log/daemon.log
    kern.warn,kern.err,kern.crit,kern.alert,kern.emerg /var/log/kern.log
    lpr.warn,lpr.err,lpr.crit,lpr.alert,lpr.emerg /var/log/lpr.log
    mail.warn,mail.err,mail.crit,mail.alert,mail.emerg /var/log/mail.log
    user.warn,user.err,user.crit,user.alert,user.emerg /var/log/user.log
    news.warn,news.err,news.crit,news.alert,news.emerg /var/log/news.log
    cron.warn,cron.err,cron.crit,cron.alert,cron.emerg /var/log/cron.log

This will log only emerg, crit, warn, and alert messages (except auth in this case). If you change the target folders, don't forget to update log rotate in /etc/logrotate.d/ (if you have log rotate installed).

With this config you should not have a lot of logs. Otherwise, you have to worry about the messages you get.
- This is for rsyslog. Do you know if this same configuration works in syslog-ng? – MathGuy30, Oct 29, 2015 at 17:06
- Nope, it is totally different => balabit.com/sites/default/files/documents/… You should make the information clearer to avoid mistakes like that ;) – Froggiz, Oct 29, 2015 at 17:16
- I did mention in the issue as well as in the tag that I was using syslog-ng. Your information is really helpful though; I will have a look at the man page you sent. – MathGuy30, Oct 29, 2015 at 17:22
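
For syslog-ng, which the question asks about, the same goal (keep everything locally, forward only warning and above for the noisy applications) can be expressed with two log paths and a combined filter. This is an added example, not part of the original answer or comments; the program names `app1` and `app2`, the server address `192.0.2.10`, and the source, filter and destination names are assumptions.

```conf
# Added example for syslog-ng.conf. All names, the program list and the
# server address are assumptions; reuse your existing source if you have one.

source s_local { system(); internal(); };

# Everything stays on the local disk, regardless of severity.
destination d_messages { file("/var/log/messages"); };

# Central syslog server (placeholder address). On older syslog-ng
# releases use the udp() or tcp() destination driver instead of network().
destination d_remote { network("192.0.2.10" transport("udp") port(514)); };

# The applications that flood the central server (hypothetical names).
filter f_noisy { program("^app1$") or program("^app2$"); };

# Forward a message if it is NOT from a noisy application,
# or if it is at severity warning or above.
filter f_forward { (not filter(f_noisy)) or level(warning..emerg); };

# Path 1: full local copy, no filtering.
log { source(s_local); destination(d_messages); };

# Path 2: remote copy, noisy applications limited to warning..emerg.
log { source(s_local); filter(f_forward); destination(d_remote); };
```

Running `syslog-ng --syntax-only` against the edited file checks the configuration before the daemon is reloaded.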