General :: Putting A Remote Syslog Into Its Own File?
Aug 11, 2010
I have a Tomato router and it has the capability to have its logs go to a external server. syslog is the obvious choice for this. So I enabled remote logging on my linux server's syslogd (syslogd -r) and I can see all of the logs in /var/log/syslog. What I want to do is take everything that comes from the IP of my router (10.0.0.1) and divert it to its own file like /var/log/tomato to avoid polluting my syslog with external logs.
I can't find any examples of someone doing this. My only solution is to get a script together that strips out any line in /var/log/syslog with 10.0.0.1 in it and puts the line into /var/log/tomato and have the script run as a cron job, but that seems unnecessarily messy.
Unless someone knows that there is a solution, I'm 95% sure that syslog doesn't support this after reading more in-depth of the man page. So I need to migrate to syslog-ng or make a crazy script that runs with cron.
Years ago on AIX I used to create a file of key strokes, including function keys (mainly F3 and F12) into a file, and used that file as input to an INFORMIX program, to automated tasks, something like this: fglgo myprogram.fgo <keystrokefile.txt
Now, I'm using Aubit language on GNU/Linux, and I'd like to do the same kind of thing, but I can't recall how I worked out the chars for the function keys, I'm using a different emulation (xterm), and I can't work out what characters to put in the key stroke file. My $TERM variable contains "xterm". If I type "infocmp", I get this:
Code: # Reconstructed via infocmp from file: /usr/share/terminfo/x/xterm xterm|xterm terminal emulator (X Window System), am, bce, km, mc5i, mir, msgr, npc, xenl, colors#8, cols#80, it#8, lines#24, pairs#64, acsc=``aaffggiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz{{||}}~~,
[Code]....
1. Is the above infocmp output the place I should get the information I need?
2. What chars do I need to put into my file to simulate me pressing F3 and F12?
3. Is there a way for me to put such chars in a file by just pressing those function keys (I tried a here document, but that doesn't work (it's as if the function keys are not even pressed)).
I have a problem with my script. The problem is the system keeps rebooting after I put the directory file in .bashrc. The intentional for putting the file in .bashrc is to run the script automatically after login as root, I don know why is this happen. It was working fine for the first time without putting the file in bashrc. I could break the loop after hitting the "ESC" key. would it be the script problems?
Here is my script count=20 while [ $count -gt 0 ];do sleep 1 echo Press ESC to break the operation ((count=count-1))
I am looking for an open source syslog server which accumulate the each and every log of Windows, Solaris, Linux and network devices. Currently I am using Syslog-ng which is not fulfiling my requirement in Windows clients, as I need the logs of every action which user performed after logon.
I installed syslog-ng so I can receive remote logs. this is working however since I disabled syslog on my syslog-ng server I am not logging in /var/log/messages cron and some others.locally)I know this is because my syslog-ng.conf only references remote and not local.How can I edit the syslog-ng.conf file so that I can receive remote and local? I tried this however when adding in portions of the default config, I only receive local and not remote logs anymore. I am forwarding my config.
# syslog-ng configuration file. # # This should behave pretty much like the original syslog on RedHat. But
I am facing a problem while trying to log SSH messages in a separate file, say, /var/log/ssh_logs. I have tried modifying the syslog-ng.conf file as follows:
Trying to remove lines from a syslog text file that have duplicate strings
Mar 10 06:51:11[http-8080-1] INFO com.MYCOMPANY.webservices.userservice.web.UserServiceController [u:2533274802474744|360] Authorize [platformI$tformIdAndOs=2533274802474744|360, userRegion=America|360]
then a few lines down
Mar 10 06:52:03 [http-8080-1] INFO com.MYCOMPANY.webservices.userservice.web.UserServiceController [u:2533274802474744|360] Authorize [platformI$tformIdAndOs=2533274802474744|360, userRegion=America|360
got the same thing in terms of a u: number but the issue is I need to remove duplicates and just leave one and the file has multiple duplicates of different u: numbers and it's 14,000 lines long. can anyone tell me if I can use awk? sed? or sort for something like this to? removing lines that have a certain string in there that's a duplicate.
Here is a way to prepare a USB flash drive to save your kickstart file to it, and then read the kickstart file from the USB drive during a new Fedora installation.A USB flash drive is recognised by the Linux kernel as just another hard drive.This is how I set up my USB flash drive to use it to store my kickstart file on.You will need a working Linux system to set up the USB drive.
Running Red Hat (not sure of the build atm) and I need to be able to put all of the IP blocking in a separate file. It will eventually be uploaded to a large number of hosting accounts, and modified from time to time...so it isn't feasible to modify that many httpd.conf files each time we need to add an IP to be blocked. In httpd.conf I can add the "Deny from" line to the following directive and blocks it just fine:
Code:
<Directory "/var/www/html"> # # Possible values for the Options directive are "None", "All", # or any combination of: # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
[code]....
There is an include to pick up all *conf files in ../conf.d, and everything else in there is working just fine. I created a file called robots.conf; it currently has a set of mod_rewrite rules which work. So I added this to that file:
Code:
<Directory "/var/www/html"> Order allow,deny Allow from all Deny from 123.456.789.098 </Directory>
It is not blocking access from the IP with it in there.I've done all of the usual things; restarted Apache, cleared browser cache etc. I can also block it using that same directive in a local .htaccess.
I need to parse the file of same name which exist on different servers and calculate the count of string existed in both files.Say a file abc.log exist on 2 servers.I want to search for string "test" on both files and calculate the total count of search string's existence.For example if file abc.log on server 1 has string "test" 2 times and file abc.log on server 2 has string "test" 4 times.then the output will beStringName : Countexampletest : 6 timesNote : I have created the password less connectivity using ssh-keygen.
I tried to set up an alias for update, upgrade and clean by putting this line into my .bach.rc file
Code: #alias ud= 'aptitude update && sudo aptitude upgrade && sudo aptitude dist-upgrade && sudo aptitude autoclean' but when I type ud I get this error message, by the way I tried the bash.rc entry both commented and uncommented with the same result.
I'm looking for a way to make a bootable floppy that has drdflash.img, my flash utility and my bios file on it for a bios recovery disk. This is on a board that has a failed bios, so everything is pretty much dead (except for the humble floppy drive). I don't have a screen to work with so this floppy needs to be able to run the utility and automatically flash the chip for me. I've heard this is possible, but am unable to find clear instructions on how to do any of this. I know the basics of it is to copy the bios file and flash utility to a floppy along with a bootdisk that will run these things (sometimes the .bat file needs to be modified in order to do this automatically). So I've downloaded drdflash but it came as a .img and I don't think it can be 'just' copied to disk. I came across the 'dd' command but have also heard its nicknamed 'data destroyer' or words to that effect.
I got the "The file '/var/log/syslog' does not exist." message when I tried to run KSystemLog as well as "The file '/var/log/auth.log' does not exist." when I tried to view the authentication log. There is no icon beside the items "Krfb," "KSystemLog," and"Nepomuk Backup" in the "System Tools" menu of Gnome.
AMD64, Ubuntu 10.10 64bit os, with onboard video.Works really well all the way to 1680X1050 resolution, but I get this error every 10 seconds added to my syslog.
We have several SLES, CentOS, Fedora server and use logmail to filter the logs on our central syslog-Server. The problem is, that the filtering take more and more time and the configuration gets more and more confusing. What program to use to analyse our central logfile? Something mysql based?
I am facing an issue with my syslog server. The server is collecting remote log also. and the issue is no log messages are updated in /var/log/messages file. But other files are getting updated.
[root@Server1 ~]# cat /etc/syslog.conf # Log all kernel messages to the console. # Logging much else clutters up the screen.
I have a self-made application running on a small embedded Linux device (which should not matter) using syslog to output some error, warning or debug logs.There is a "better" syslog daemon installed, called syslog-ng, which have some more features,t I miss a very important one:How to limit the size of the logfiles to some dedicated megabytes. I was able to create rotating logfiles with the configuration in syslog-ng.conf:
I've just configured my Linksys RVS-4000 router to syslog messages to remote syslogd server (i.e. my CentOS5 machine). Redirecting messages was easy, but now I'm having difficulties to redirect those same messages received from Linksys to a separate log file. By default, all these messages are logged to /var/log/messages, and after browsing manual pages for syslog, syslog.conf, and syslogd, came to suspect that what I want isn't possible.
wants to remove everything else that (presumably) has syslog as a dependency. how do I replace the dependency on syslog with a dependency on syslog-ng?
I noticed in my system that my root partition is getting full. I found a lot of old compacted syslogfiles. Had a look at etc/sysconfig editor eg cron but could not find a setting which allows to delete files older than a month. Where and how could I influence this ? I deleted manually all syslog files older than a month. Approx 6GB
Noticed the statistic from the computer that it had taken 147MB from the internet today and put 8MB out. Why did it put out so much data, 8MB, why would it need to do that? It makes me paranoid.
I am currently trying to install Sabayon linux, and it expects to use Grub1 for booting from usb (what am I trying to do). So I copied grub files into boot section, but now I need to "root and setup" it - and that's what I can't do, because I don't use Grub1 normally, since I am on Ubuntu which uses Grub2.
(I decided to use Grub1 instead of Grub2 because Sabayon could have some special params, and I am not that much experienced to copy them in new format to grub2 configuration file). So my question is - is there a way to copy grub1 to MBR without having it installed? (using some utility or something like that).
