syslog.conf lines for specific applications to send to remote syslog server

herpus__derpus


#1
I have a process running the binary /usr/local/bin/radiusd and I want to send its syslog messages to a remote syslog server, syslog1.mycorp.com.

I tried logging to a local log file first.
Code:
#!/usr/local/bin/radiusd
*.*                                             /var/log/mysyslog
But there are no entries in the /var/log/mysyslog log file. They do appear in /var/log/messages due to the line near the top of the syslog.conf file:
Code:
*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err   /var/log/messages
The log lines I am trying to capture come out in /var/log/messages as:

Code:
May 16 19:27:11 <user.notice> radius1 /usr/local/bin/radiusd[58071]: SIGTERM received: stopping
May 16 19:27:11 <user.notice> radius1 /usr/local/bin/radiusd[58115]: Server started: Radiator 4.17 on radius1
Can someone show me how I can redirect just the logs from this radiusd to a different destination? Eventually I want to send these logs to two remote syslog servers, which is not supported internally by radiusd, hence the use of local syslogd.
 

ShelLuser


#2
Now, I'm not familiar with the way Radius logs these things but I can help you with the syntax & concept. And I can definitely understand your confusion: been there, done that ;)

You're right: the application probably sends out messages with a notice priority which are then captured by the line you quoted. Solution: tell syslogd to ignore the application for the first log entries:

Code:
!-imap,named,pkg-static,pkg
*.notice;authpriv.none;kern.debug;lpr.info;mail.crit    /var/log/messages
This is from my own /etc/syslog.conf and as you can see I'm telling syslogd to ignore stuff from IMap (Cyrus IMAP server), Named (Bind DNS server) and pkg-static / pkg (because all those messages get logged to a separate logfile).

Now, my setup is a bit more complex because I have multiple applications to attend to but you could probably suffice with merely ignoring radius; check the log entry, the name before the colon should be the application name. For example, an OpenVPN upgrade I just did:

Code:
May 16 22:28:01 unicron pkg: openvpn-2.4.5 deinstalled
May 16 22:28:02 unicron pkg-static: openvpn-2.4.6 installed
See? This tells me that pkg and pkg-static were the application names involved.

You could then activate it by doing something like this at the end of your syslog.conf:

Code:
# Package management
!pkg,pkg-static
*.*                                             /var/log/pkg.log
Now, in my example I used pkg (I'm lazy like that ;) ) but you should obviously replace 'pkg' with the name of whatever application your setup uses (I assume 'radius' but I simply don't know).

(edit): ok, I glossed over your post. You'll need to specify radius1 (as you've shown above).

syslog.conf(5) will tell you how to send something to another host, but since I'm typing anyway....

Code:
!pkg
*.*              @loghost.intranet.lan
.... this is how I'd set that up.

Hope this can help you!
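
The exclude-then-include pattern from the answer above, as an added example that is not part of the original thread and is not syslogd's own code: a simplified Python model of `!prog` / `!-prog` / `!*` blocks that shows where a message would be routed before the config is deployed. It assumes syslogd matches the program name as `radiusd` (the log lines in the question show the tag with its full path, so confirm which name actually matches), and `syslog2.example.net` is a placeholder for the second server.

```python
# Simplified model of syslog.conf program blocks (added example, not syslogd's code).
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Constructed config: keep radiusd out of /var/log/messages, forward it to two hosts.
# Assumptions: program name "radiusd"; syslog2.example.net is a placeholder host.
CONF = """\
!-radiusd
*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err   /var/log/messages
!radiusd
*.*     @syslog1.mycorp.com
*.*     @syslog2.example.net
!*
"""

def parse(conf):
    """Return [(include, programs, selectors, action)] in file order."""
    rules, include, progs = [], True, None   # progs None means "any program"
    for line in conf.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("!"):             # program block applies to lines below it
            spec = line[1:].strip()
            include = not spec.startswith("-")
            names = spec.lstrip("-")
            progs = None if names == "*" else set(names.split(","))
            continue
        selectors, action = line.split(None, 1)
        rules.append((include, progs, selectors.split(";"), action.strip()))
    return rules

def selected(selectors, facility, level):
    """Later selectors override earlier ones; 'none' drops the facility."""
    hit = False
    for sel in selectors:
        fac, lvl = sel.rsplit(".", 1)
        if fac not in ("*", facility):       # comma-separated facilities not modelled
            continue
        hit = lvl != "none" and (lvl == "*" or LEVELS.index(level) <= LEVELS.index(lvl))
    return hit

def route(conf, program, facility, level):
    """List every action a message from `program` at facility.level reaches."""
    out = []
    for include, progs, selectors, action in parse(conf):
        prog_ok = progs is None or ((program in progs) == include)
        if prog_ok and selected(selectors, facility, level):
            out.append(action)
    return out
```

Calling `route(CONF, "radiusd", "user", "notice")` returns only the two remote hosts, while the same message from any other program still lands in /var/log/messages.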