~:: kalyan ::~

April 4, 2007

syslog-ng with dhcp

Filed under: dhcp, Linux, open-source, Script, SuSE — skalyanasundaram @ 10:52 am

It has been a long time since I looked at log file methods. I had written an article earlier about logging DHCP messages to a separate location. Suddenly I felt the syslog daemon itself was missing! I am not up to date 😦 Well, now they have come up with syslog-ng. It is really cool and has all the flexibility: an abstract way of doing things, regexp support and TCP support. I was trying to log DHCP messages to a separate file, just for learning purposes.

You will have to add the following lines to /etc/syslog-ng/syslog-ng.conf (maybe at the bottom):

# Messages on the daemon facility (dhcpd's default)
filter f_daemon     { facility(daemon); };
# Messages that match "dhcpd"
filter f_dhcpd       { match("dhcpd"); };
destination dhcpmessages { file("/var/log/dhcp.log"); };
log { source(src); filter(f_daemon);  filter(f_dhcpd); destination(dhcpmessages); };

By default dhcpd logs to the daemon facility, so I just used it. Also, /var/log/dhcp.log has to be touched. It may sometimes ask to have 640 permissions, but whatever works for me. You also need to restart syslog. Now everything goes fine :).

But if you use pipes instead of a file in the destination, at least on SuSE you will have to make sure AppArmor [SELinux on Red Hat] has permission to write on the ports. I did not try to configure the profile. I simply unloaded AppArmor and tried it, and that works.
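
To compare the filter above with the ones suggested in the comments below, this added example (not code from the original post or from syslog-ng) applies Python stand-ins for them to constructed log lines. It assumes match() without value() searches the program header plus the message text; the host name, PIDs and addresses are made up.

```python
import re

# Facility numbers from the <PRI> field; only the ones used below are named.
FACILITY = {3: "daemon", 10: "authpriv", 23: "local7"}

# Constructed sample lines (RFC 3164 style); <PRI> = facility * 8 + severity.
SAMPLE = [
    "<30>Apr  4 10:52:01 gw dhcpd: DHCPACK on 192.0.2.10 to 00:11:22:33:44:55 via eth0",
    "<190>Apr  4 10:52:02 gw dhcpd[812]: DHCPREQUEST for 192.0.2.10 via eth0",
    "<30>Apr  4 10:52:03 gw ntpd[400]: using server list supplied by dhcpd",
    "<30>Apr  4 10:52:04 gw fake-dhcpd[999]: lease file rewritten",
    "<86>Apr  4 10:52:05 gw sshd[1200]: Invalid user dhcpd from 198.51.100.7",
]

LINE = re.compile(r"<(\d+)>\w{3} [ \d]\d [\d:]{8} (\S+) ([^\s:\[]+)(\[\d+\])?: (.*)")


def parse(line):
    """Split one line into the fields the filters below look at."""
    pri, _host, program, pid, msg = LINE.match(line).groups()
    return {
        "facility": FACILITY.get(int(pri) >> 3, "other"),
        "program": program,
        # Assumption: match() without value() sees "program[pid]: message".
        "text": f"{program}{pid or ''}: {msg}",
    }


# Python stand-ins for the syslog-ng filters shown on this page.
FILTERS = {
    # facility(daemon) and match("dhcpd")  (the post)
    "post": lambda m: m["facility"] == "daemon" and bool(re.search("dhcpd", m["text"])),
    # facility(local7)  (needs "log-facility local7;" in dhcpd.conf)
    "local7": lambda m: m["facility"] == "local7",
    # program('^dhcpd$')  (anchored on the program name, any facility)
    "program": lambda m: bool(re.search(r"^dhcpd$", m["program"])),
}


def selected(name, lines=SAMPLE):
    """Indexes of the lines that the named filter would send to the dhcp log."""
    return [i for i, line in enumerate(lines) if FILTERS[name](parse(line))]


if __name__ == "__main__":
    for name in FILTERS:
        print(f"{name:8} -> {selected(name)}")
```

On this sample the post's filter also picks up the ntpd and fake-dhcpd lines and misses the dhcpd line sent on local7, while the anchored program filter selects exactly the two dhcpd lines.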

5 Comments »

  1. Hi all! (A long time ago, but Google showed me this.)
    About it:
    it's not the best way. 😉
    dhcpd supports the option "log-facility local7;" in its dhcpd.conf file

    and with this option, that's the correct way for syslog-ng:

    destination df_dhcpd { file("/var/log/dhcpd.log"); };
    filter f_local7_dhcpd { facility(local7); };
    log {
    source(s_all);
    filter(f_local7_dhcpd);
    destination(df_dhcpd);
    };

    Next: remove all of this from /var/log/syslog & /var/log/messages:
    in syslog-ng.conf we need to edit 2 strings to remove the local7 facility from

    (example)
    filter f_syslog { not facility(local1, auth, authpriv, local7); };
    filter f_messages { level(info,notice,warn) and not facility(auth, authpriv, cron, daemon, mail, news, local7); };

    That's all

    Comment by alex — May 12, 2011 @ 1:47 pm

  2. At this time I am ready to do my breakfast, afterward having my breakfast coming again to read additional
    news.

    Comment by Testoril Reviews — April 14, 2013 @ 6:33 am

    • The better way is: if you don’t want to add the option “log-facility local7”, or you don’t want to rely on it, to cover any cases and to catch all the messages generated by dhcpd daemon:

      filter dhcpd { facility(daemon,local7) and match('^dhcpd$' value("PROGRAM")); };
      destination dhcpd_log { file("/var/log/dhcpd.log"); };
      log { source(s_all); filter(dhcpd); destination(dhcpd_log); };

      Comment by Bogdan Velcea — February 24, 2014 @ 4:53 pm

      • Even better:

        filter dhcpd { program('^dhcpd$'); };
        destination dhcpd_log { file("/var/log/dhcpd.log"); };
        log { source(s_src); filter(dhcpd); destination(dhcpd_log); flags(final); };

        By specifying "flags(final)" in log{}, you tell syslog-ng not to log these messages to other logs anymore (like /var/log/messages), but only to this log (/var/log/dhcpd.log).

        Comment by Bogdan Velcea — February 24, 2014 @ 5:16 pm

  3. It’s going to be ending of mine day, however before end
    I am reading this fantastic piece of writing to improve my know-how.

    Comment by home Air filter replacement — October 1, 2014 @ 3:06 am

