Re: Getting DHCP logs OUT of syslog
Jim Hyslop wrote:
> Hi,
>
> I have configured my dhcp.conf to use the local7 facility for logging.
> Works great - all the DHCP info goes into /var/log/bind.log, as
> configued in /etc/syslog.conf.
>
> HOWEVER! All the DHCP logging info is *still* going into /var/log/syslog
> as well - i.e. the DHCP info now goes into BOTH logs. How do I tell
> DHCP to send the logs ONLY to local7?
>
> I've tried restarting dhcpd and the syslog daemon, with no luck.
I'm not too familiar with the normal syslogd anymore as I haven't
really used it in years, but in syslog-ng you can configure log
events to go to a destination, and specify an option which will
direct syslog-ng to drop the log event after delivering it to
that particular destination.
e.g.
source all {
unix-stream("/dev/log" keep-alive(yes) max-connections(300));
pipe("/proc/kmsg" log_prefix("kernel: "));
internal();
tcp(ip(0.0.0.0) port(514) max-connections(2500));
tcp(ip(0.0.0.0) port(1514) max-connections(2500));
udp(ip(0.0.0.0) port(514));
};
destination d_splunk { pipe("/syslog_fifo"); };
destination d_cons { file("/dev/console"); };
destination d_messages { file("/messages"); };
destination d_auth { file("/secure"); };
destination d_mail { file("/maillog"); };
destination d_cron { file("/cron"); };
destination d_broadcast { usertty("*"); };
filter f_messages { level(debug..emerg); };
filter f_authpriv { facility(authpriv); };
filter f_mail { facility(mail); };
filter f_emerg { level(emerg); };
filter f_cron { facility(cron); };
log { source(all); destination(d_splunk);
};
log { source(all); destination(d_repos);
};
log { source(all); destination(d_repos); flags(final); };
log { source(all); filter(f_authpriv); destination(d_auth); flags(final);
};
log { source(all); filter(f_mail); destination(d_mail); flags(final);
};
[..]
nate
Reply to: