[opensource] syslog and syslog-ng question

Jason Crum ransak at earthlink.net
Wed Oct 25 14:52:23 EDT 2006


Hi there. This is my first email to this list, so if this isn't the proper venue for this kind of question I'll slink back into the shadows.

I'm trying to set up a central logging server for several *nix boxes, most are running Solaris 10 x86 or CentOS 4.3 (or so). I need to insert a unique string in the syslog data these servers send to the central logging server (for those that are interested, it's running Splunk and receiving data from several Windows servers using Snare and several Cisco devices via syslog feeds into FIFOs that are then fed into specific Splunk parsers).

Some of these servers run syslog, others run syslog-ng. If I have to upgrade all of the servers to syslog-ng I can live with that.

With syslog-ng, I think I can insert a string using a template as part of the destination. I haven't tried it yet, but I think I can probably make it work. Aside from using a template, is there a more elegant solution to this using syslog-ng?

Also, is there a way to insert a string into syslog (not syslog-ng) data?

Thanks in advance.

-jc


More information about the Opensource mailing list