Syslog
Revision as of 01:38, 4 December 2006 by PhilippeTeuwen
Syslog-ng install
apt-get install syslog-ng
/etc/syslog-ng/syslog-ng.conf:
source net {
    udp(ip(192.168.2.1));
};
filter f_sw1 {
    host(192.168.2.2) and level(info,notice,warn,crit,err);
};
destination d_net_devices {
    file("/var/log/$HOST.log" owner("root") group("adm") perm(0640));
};
log {
    source(net);
    filter(f_sw1);
    destination(d_net_devices);
};
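What the f_sw1 filter keeps and drops, emulated in Python as an added example (not part of the original page or of syslog-ng): it decodes the RFC 3164 PRI value of constructed sample datagrams and applies the same host and level tests. The function names are hypothetical, and the host test is simplified to an exact match on the sender address, with $HOST assumed to expand to that address.

```python
import re

# Severity names indexed by numeric value; RFC 3164 PRI = facility * 8 + severity.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Values taken from the f_sw1 filter; "warn" there is an alias for "warning".
ALLOWED_HOST = "192.168.2.2"
ALLOWED_LEVELS = {"info", "notice", "warning", "crit", "err"}

PRI_RE = re.compile(r"^<(\d{1,3})>")
DEFAULT_PRI = 13  # user.notice, the RFC 3164 fallback for a missing or invalid PRI


def severity_of(packet):
    """Return the severity name encoded in the <PRI> header of a datagram."""
    m = PRI_RE.match(packet)
    pri = int(m.group(1)) if m else DEFAULT_PRI
    if pri > 191:  # highest valid value: facility 23, severity 7
        pri = DEFAULT_PRI
    return SEVERITIES[pri % 8]


def route(sender_ip, packet):
    """Return the destination file, or None when the filter drops the message.

    Assumptions: the host test is an exact match on the sender address and
    $HOST expands to that address (both depend on syslog-ng options).
    """
    if sender_ip != ALLOWED_HOST:
        return None
    if severity_of(packet) not in ALLOWED_LEVELS:
        return None
    return "/var/log/%s.log" % sender_ip


# Constructed sample datagrams: (sender address, raw payload).
SAMPLES = [
    ("192.168.2.2", "<189>Dec  4 01:30:00 sw1 port 3 link up"),        # local7.notice
    ("192.168.2.2", "<187>Dec  4 01:31:10 sw1 fan 1 failure"),         # local7.err
    ("192.168.2.2", "<185>Dec  4 01:31:12 sw1 temperature critical"),  # local7.alert
    ("192.168.2.2", "<191>Dec  4 01:31:15 sw1 stp debug trace"),       # local7.debug
    ("192.168.2.9", "<189>Dec  4 01:32:00 sw2 port 1 link up"),        # other sender
]

if __name__ == "__main__":
    for ip, pkt in SAMPLES:
        print("%-12s %-8s -> %s" % (ip, severity_of(pkt), route(ip, pkt)))
```

The third sample shows that alert (and likewise emerg) messages from the switch never reach the log file, because those levels are not in the level() list.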
Resources & Credits
fwlogwatch
-A INPUT -s 192.168.2.2 -p udp --dport 514 -m state --state NEW -j ACCEPT
Logcheck
apt-get install logcheck logcheck-database
I have many such messages in the vserver:
pam_limits[863]: setrlimit limit #6 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0
Not sure why, probably because vserver max limits are reduced.
To get rid of it, comment out the line in /etc/pam.d/cron:
#session required pam_limits.so