Line 28: |
Line 28: |
| to view new entries being added to your messages log and see if the '''SYSLOG''' entries of your network device or appliance are showing up. | | to view new entries being added to your messages log and see if the '''SYSLOG''' entries of your network device or appliance are showing up. |
| | | |
| + | ==== Adding a SYSLOG facility and receive WINDOWS event logs ==== |
| + | |
| + | |
| + | create the desired log file: |
| + | touch /var/log/windows |
| + | |
| + | in /etc/e-smith/templates-custom/etc/syslog.conf/00filenames |
| + | add a row |
| + | $windows = "/var/log/windows"; |
| + | |
| + | pay attention to leave the |
| + | ""; |
| + | on the last line! |
| + | |
| + | in /etc/e-smith/templates-custom/etc/syslog.conf/local4 (o one of the other local if they are in use already) |
| + | |
| + | change |
| + | local4.* -{ "${messages}" } |
| + | in |
| + | local4.* -{ "${windows}" } |
| + | |
| + | expand templates |
| + | expand-template /etc/sysconfig/syslog; |
| + | expand-template /etc/syslog.conf |
| + | |
| + | restart syslog |
| + | service syslog restart |
| + | |
| + | to redirect (in copy) the windows logs, I used http://code.google.com/p/eventlog-to-syslog/ |
| + | |
| + | copy evtsys.dll and evtsys.exe to c:\windows\system32 and execute |
| + | evtsys.exe -i -h YOURSMESERVERIP -f local4 |
| + | and then |
| + | net start evtsys |
| | | |
− | ----
| |
| ===SME 9.0 Server as SYSLOG server=== | | ===SME 9.0 Server as SYSLOG server=== |
| | | |
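Review bot: The added section creates the log with "touch /var/log/windows" and never sets its owner or mode, and it shows no rotation for the new file, so forwarded Windows event logs (which can include security events) land in a file with default permissions and no retention policy. Suggest following the touch with an explicit "chmod 600 /var/log/windows" and adding a logrotate entry for it. The evtsys step copies evtsys.dll and evtsys.exe into c:\windows\system32 and installs them as a service with no integrity check on the download; a line asking the reader to verify the files first would help. Minor: "(o one of the other local" should read "(or one of the other local facilities", and the trailing ";" after "expand-template /etc/sysconfig/syslog" is not needed.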
Line 58: |
Line 91: |
| to view new entries being added to your messages log and see if the '''SYSLOG''' entries of your network device or appliance are showing up. | | to view new entries being added to your messages log and see if the '''SYSLOG''' entries of your network device or appliance are showing up. |
| | | |
| + | ===SME 9.0 Server redirect to another syslog file=== |
| | | |
− | ---- | + | mkdir -p /etc/e-smith/templates-custom/etc/sysconfig/rsyslog |
| + | vim /etc/e-smith/templates-custom/etc/sysconfig/rsyslog/10perso |
| | | |
− | === Adding a SYSLOG facility and receive WINDOWS event logs === | + | add this |
| + | if $programname == 'grandstream' then /var/log/grandstream/grandstream.log |
| + | & stop |
| + | then |
| | | |
| + | mkdir /var/log/grandstream |
| + | touch /var/log/grandstream/grandstream.log |
| + | expand-template /etc/sysconfig/rsyslog |
| + | service rsyslog restart |
| | | |
− | create the desired log file:
| |
− | touch /var/log/windows
| |
− |
| |
− | in /etc/e-smith/templates-custom/etc/syslog.conf/00filenames
| |
− | add a row
| |
− | $windows = "/var/log/windows";
| |
− |
| |
− | pay attention to leave the
| |
− | "";
| |
− | on the last line!
| |
| | | |
− | in /etc/e-smith/templates-custom/etc/syslog.conf/local4 (o one of the other local if they are in use already)
| |
| | | |
− | change
| + | also rotate it |
− | local4.* -{ "${messages}" } | + | vim /etc/logrotate.d/grandstream |
− | in
| |
− | local4.* -{ "${windows}" }
| |
| | | |
− | expand templates
| + | /var/log/grandstream/*.log { |
− | expand-template /etc/sysconfig/syslog; | + | weekly |
− | expand-template /etc/syslog.conf | + | rotate 5 |
| + | compress |
| + | notifempty |
| + | missingok |
| + | nocreate |
| + | sharedscripts |
| + | endscript |
| + | } |
| | | |
− | restart syslog
| |
− | service syslog restart
| |
| | | |
− | to redirect (in copy) the windows logs, I used http://code.google.com/p/eventlog-to-syslog/
| |
| | | |
− | copy evtsys.dll and evtsys.exe to c:\windows\system32 and execute
| |
− | evtsys.exe -i -h YOURSMESERVERIP -f local4
| |
− | and then
| |
− | net start evtsys
| |
| | | |
| + | ---- |
| ---- | | ---- |
| [[Category:Howto]] | | [[Category:Howto]] |
| [[Category:Administration:Monitoring]] | | [[Category:Administration:Monitoring]] |
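Review bot: In the /etc/logrotate.d/grandstream stanza, "endscript" closes a script block that is never opened: there is no "postrotate" or "prerotate" line before it, so logrotate has nothing to run and will complain about the stanza. Combined with "nocreate", nothing tells rsyslog to reopen the file after rotation, so it would keep writing to the rotated file. Suggest adding a "postrotate" line, followed by a command that signals rsyslog to reopen its logs, ahead of "endscript". Two smaller points on the rule itself: "& stop" is only understood by newer rsyslog releases, and on an older one the discard action is written "& ~", so the page should say which applies to SME 9.0; and the rule is placed under templates-custom/etc/sysconfig/rsyslog, which is normally the daemon options file rather than the rules file, so it is worth confirming that this is the intended template path. The bare "then" after "& stop" also reads like part of the rule and would be clearer as "then run:".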