~:: kalyan ::~

April 4, 2007

syslog-ng with dhcp

Filed under: dhcp, Linux, open-source, Script, SuSE — skalyanasundaram @ 10:52 am

It has been a long time since I looked at log file methods. I had written an article earlier on logging the DHCP messages to a separate location. Suddenly I felt the syslog daemon itself was missing! I am not up to date :( Well, now they have come up with syslog-ng. It is really cool and has all the flexibility: the abstract way of doing things, regexp support and TCP support. I was trying out logging DHCP to a separate file just for learning purposes.

You will have to add the following lines to /etc/syslog-ng/syslog-ng.conf [maybe at the bottom]:

filter f_daemon { facility(daemon); };
filter f_dhcpd { match("dhcpd"); };
destination dhcpmessages { file("/var/log/dhcp.log"); };
log { source(src); filter(f_daemon); filter(f_dhcpd); destination(dhcpmessages); };

By default dhcpd logs to the daemon facility, so I just used it. /var/log/dhcp.log has to be touched. It may sometimes ask for the file to have 640 permissions, but whatever works for me. You also need to restart syslog. Now everything goes fine :).

But if you use pipes instead of a file in the destination, at least on SuSE you will have to make sure AppArmor [SELinux on Red Hat] has permission to write on the ports. I did not try to configure the profile. I simply unloaded AppArmor and tried it, and that works.
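A tighter variant of the configuration above, as an added example that is not from the original post. It assumes the SuSE source name `src` used above; the names `f_dhcpd_prog` and `d_dhcp` are hypothetical.

```conf
# Added example. Assumes the source "src" from the SuSE default configuration;
# the filter and destination names are hypothetical.

# Match on the facility and on the program-name field rather than on a
# substring of the message, so messages from other daemons that merely
# mention "dhcpd" are not written to this file.
filter f_dhcpd_prog { facility(daemon) and program("^dhcpd$"); };

# syslog-ng creates the file itself with the requested mode, so no manual
# touch/chmod step is needed.
destination d_dhcp { file("/var/log/dhcp.log" perm(0640)); };

# flags(final) stops later log statements from also processing these
# messages, so this statement has to appear before the log statements that
# feed /var/log/messages, not at the bottom of the file.
log { source(src); filter(f_dhcpd_prog); destination(d_dhcp); flags(final); };
```

Running `syslog-ng --syntax-only` before restarting the daemon checks the edited file for syntax errors.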

1 Comment »

  1. hi all! (a long time ago, but Google showed me this)
    about it:
    it's not the best way. ;)
    dhcpd supports the option “log-facility local7;” in its dhcpd.conf file

    and with this option, that's the correct way for syslog-ng

    destination df_dhcpd { file("/var/log/dhcpd.log"); };
    filter f_local7_dhcpd { facility(local7); };
    log {
    source(s_all);
    filter(f_local7_dhcpd);
    destination(df_dhcpd);
    };

    next: remove all of this from /var/log/syslog & /var/log/messages:
    in syslog-ng.conf we need to edit 2 strings to remove the local7 facility from

    (example)
    filter f_syslog { not facility(local1, auth, authpriv, local7); };
    filter f_messages { level(info,notice,warn) and not facility(auth, authpriv, cron, daemon, mail, news, local7); };

    that’s all

    Comment by alex — May 12, 2011 @ 1:47 pm

