[server:~] # grep syslog /etc/rc.conf syslogd_flags="-a 192.168.X.0/24:*" [server:~] # cat /etc/syslog.conf ... local0.* /var/log/cisco.log !ppp ... [server:~] # touch /var/log/cisco.log [server:~] # /etc/rc.d/syslogd restart [server:~] # tail -f /var/log/cisco.log
root@server:~# cat /etc/default/syslogd ... SYSLOGD="-r" root@server:~# cat /etc/syslog.conf ... local0.* /var/log/cisco.log root@server:~# touch /var/log/cisco.log root@server:~# chown syslog:adm /var/log/cisco.log root@server:~# /etc/init.d/sysklogd restart root@server:~# tail -f /var/log/cisco.log
root@server:~# cat /etc/rsyslog.conf ... $ModLoad imudp $UDPServerRun 514 ... root@server:~# cat /etc/rsyslog.d/30-cisco.conf local0.* -/var/log/cisco.log root@server:~# touch /var/log/cisco.log root@server:~# chown syslog:adm /var/log/cisco.log root@server:~# restart rsyslog root@server:~# tail -f /var/log/cisco.log
man syslog.conf
[hostX:~] # shutdown -p 17:30 [hostX:~] # logger -t clamd -p kern.emerg 'Kernel Panic' [hostX:~] # cat syslog.conf ... local6.* /var/log/clamd.log ... [hostX:~] # touch /var/log/clamd.log [hostX:~] # /etc/rc.d/syslogd reload [hostX:~] # clamdscan virus.zip
[hostX:~] # cat /etc/newsyslog.conf ... /var/log/clamd.log 600 7 10 * J /var/log/httpd-access.log 644 10 1000 * JC /var/run/httpd.pid 30 /var/log/httpd-error.log 644 10 1000 * JC /var/run/httpd.pid 30 /var/log/httpd-ssl_request.log 644 10 1000 * JC /var/run/httpd.pid 30 [hostX:~] # cat logger.sh while : do logger -t clamd -p local7.info "Message 1" logger -t clamd -p local7.info "Message 2" done [hostX:~] # sh logger.sh ... <Ctrl>-C [hostX:~] # tail -f /var/log/clamd.log ... <Ctrl>-C [hostX:~] # newsyslog [hostX:~] # ls -l /var/log/clamd.log*
[hostX:~] # cat /etc/rc.conf ... syslogd_flags="-a 192.168.X.0/24"
Сокращенная форма 192.168.X/24 не распознается!
# syslogd_flags are command-line options, so the daemon is restarted rather
# than reloaded to apply them.
[hostX:~] # /etc/rc.d/syslogd restart
[gate:~] # cat /etc/syslog.conf *.* @hostX ... [gate:~] # /etc/rc.d/syslogd restart
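# Mail every auth message that mentions "login" to root.
# syslogd starts the script named after "|" in syslog.conf and writes the
# selected messages to its standard input, one per line.
[hostX:~] # cat syslog.sh
#!/bin/sh
# Log lines can contain text chosen by a remote party (for example the user
# name of a failed login), so each line is handled as opaque data:
#   - IFS= and read -r keep leading blanks and backslashes unchanged;
#   - case matches the text without calling expr, which can misparse a line
#     that looks like an option or an operator;
#   - "$m" is quoted and printed with printf, so the shell neither expands
#     wildcards in the message nor treats it as echo options.
while IFS= read -r m
do
  case "$m" in
    *login*)
      printf '%s\n' "$m" | mail -s login root
      ;;
  esac
done
[hostX:~] # chmod +x syslog.sh
[hostX:~] # cat /etc/syslog.conf
...
auth.* | /root/syslog.sh
...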