[vox-tech] Centeraly saving only some syslog messages?

Ryan Castellucci vox-tech@lists.lugod.org
Wed, 11 Jun 2003 06:42:21 -0700


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tuesday 10 June 2003 10:16 pm, Mike Simons wrote:
> On Tue, Jun 10, 2003 at 09:34:24PM -0700, Ryan Castellucci wrote:
> > Does anyone know how I could centeraly log the output of just one
> > program? ie, syslogs from sshd s all get sent to a log server, but
> > everything else stays localy logged only?
>
> sshd_config(5)
> =3D=3D=3D
>      SyslogFacility
>              Gives the facility code that is used when logging messages
> from sshd.  The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1=
,
> LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.  The default is AUTH.
> =3D=3D=3D
>
> use above to have sshd log to level local5, then
>
> /etc/syslog.conf
> =3D=3D=3D
> local5.*=09@log.host
> =3D=3D=3D

This looks like it will work great, thanks. I read the man pages for two=20
other programs that I want to do this with, and they have equlivant opton=
s.=20
Any thing you can do with programs that have the log facility hard coded,=
=20
short of re-compiling them? (just wondering)

>   Let me know how it turns out, like if you find a secure syslogd you
> like (to encrypt syslog messages on wire).

syslog-ng supports using tcp, so it could be tunneled over ssh, or perhap=
s I=20
can figure out how to use it with an SSL wrapper such as stunnel.

- --=20
PGP/GPG Fingerprint: 3B30 C6BE B1C6 9526 7A90  34E7 11DF 44F3 7217 7BC7
On pgp.mit.edu, import with `gpg --keyserver pgp.mit.edu --recv-key 72177=
BC7`
Also available at http://www.cal.net/~ryan/ryan_at_mother_dot_com.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE+5zG9Ed9E83IXe8cRAm3DAJwIIpLzluBJ+ev8GoV2M6eiKN+ZsACgnqPD
j0xgu3VhAp7+Az65QI6HChI=3D
=3Dg72v
-----END PGP SIGNATURE-----