Hi, I set up the syslog.conf to log local0 and local1 to a remote log server: *.info;mail.none;authpriv.none;cron.none;local0.none;local1.none /var/log/messages local0.*;local1.* @192.168.1.2 The messages from local0 worked fine, all sent to the remote log server. But all messages from local1 were still displayed in /var/log/messages despite it has been set to local1.none. Of cause, no local1 messages were sending to the remote server. Could I be missing something here, or could be a bug in 2.6.18-53.el5 which I am running? Thank you. Kind Regards, Jupiter
On Thursday 06 August 2009 10:58:05 pm hce wrote:> The messages from local0 worked fine, all sent to the remote log > server. But all messages from local1 were still displayed in > /var/log/messages despite it has been set to local1.none.How do you determine which messages come from which facility by looking at the log? As far I as I know , in the actual log message, there's no indication of the facility generating it...there may be the ip from where it's coming..the daemon generating it but the actual facility I don't remember. If I were you I would go to the destination syslog server first and perform this test: logger -p local1.info "testing proper routing on destination server" and then check where the message goes (check your syslog.conf there on the destination server). Once you know local1 is properly routed (on the destination server), then you should go to the original (source) server where I recommend you comment out the whole line pointing to /var/log/messages and concentrate on the local1 line first. Don't forget to reload the configuration (service syslog reload) and then try this: logger -p local1.info "message comign from source server" and then check the proper log on the destination server... There are some startup switches for syslog (to allow it to receive remote messages) but I rule out that because you mentioned it is already working for the local0 facility... HTH, Jorge
On Thu, Aug 6, 2009 at 10:58 PM, hce<webmail.hce at gmail.com> wrote:> Hi, > > I set up the syslog.conf to log local0 and local1 to a remote log server: > > *.info;mail.none;authpriv.none;cron.none;local0.none;local1.none > ?/var/log/messages > > local0.*;local1.* ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? @192.168.1.2 > > The messages from local0 worked fine, all sent to the remote log > server. But all messages from local1 were still displayed in > /var/log/messages despite it has been set to local1.none. Of cause, no > local1 messages were sending to the remote server. Could I be missing > something here, or could be a bug in 2.6.18-53.el5 which I am running?Same thing here... Separating the entries onto two lines works as expected though.