syslog.conf lines for specific application's to send to remote syslog server

H

herpus__derpus

I have a process running the binary /usr/local/bin/radiusd and I want to send it's syslog messages to a remote syslog server, syslog1.mycorp.com

I tried to a local log file first.
Code: 
#!/usr/local/bin/radiusd
*.*                                             /var/log/mysyslog

But no entries in the /var/log/mysyslog log file. They do appear in /var/log/messages due to the line near the top of the syslog.conf file:
Code: 
*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err   /var/log/messages

Log lines I am trying to capture, come out in /var/log/messages as:

Code: 
May 16 19:27:11 <user.notice> radius1 /usr/local/bin/radiusd[58071]: SIGTERM received: stopping
May 16 19:27:11 <user.notice> radius1 /usr/local/bin/radiusd[58115]: Server started: Radiator 4.17 on radius1

Can someone show me how I can redirect just the logs from this radiusd to a different destination? Eventually I want to send these logs to two remote syslog servers, which is not supported internally by radiusd, hence the use of local syslogd
 
Now, I'm not familiar with the way Radius logs these things but I can help you with the syntax & concept. And I can definitely understand your confusion: been there, done that ;)

You're right: the application probably sends out messages with a notice priority which are then captures by the line you quoted. Solution: tell syslogd to ignore the application for the first log entries:

Code: 
!-imap,named,pkg-static,pkg
*.notice;authpriv.none;kern.debug;lpr.info;mail.crit    /var/log/messages
This is from my own /etc/syslog.conf and as you can see I'm telling syslogd to ignore stuff from IMap (Cyrus IMAP server), Named (Bind DNS server) and pkg-static / pkg (because all those messages get logged to a separate logfile).

Now, my setup is a bit more complex because I have multiple applications to attend to but you could probably suffice with merely ignoring radius; check the log entry, the name before the colon should be the application name. For example, an OpenVPN upgrade I just did:

Code: 
May 16 22:28:01 unicron pkg: openvpn-2.4.5 deinstalled
May 16 22:28:02 unicron pkg-static: openvpn-2.4.6 installed
See? This tells me that pkg and pkg-static were the application names involved.

You could then activate it by doing something like this at the end of your syslog.conf:

Code: 
# Package management
!pkg,pkg-static
*.*                                             /var/log/pkg.log
Now, in my example I used pkg (I'm lazy like that ;) ) but you should obviously replace 'pkg' with the name of whatever application your setup uses (I assume 'radius' but I simply don't know).

(edit): ok, I glossed over your post. You'll need to specify radius1 (as you've shown above).

syslog.conf(5) will tell you how to sent something to another host, but since I'm typing anyway....

Code: 
!pkg
*.*              @loghost.intranet.lan
.... this is how I'd set that up.

Hope this can help you!
 
You must log in or register to reply here.
Back
Top