^TipsAnd...

?TableOfContents

How to configure socklog to resemble sysklogd on Debian closely

Packages required

apt-get install socklog-run

requires runit (or supervise).

Preserve valuable information from sysklogd:

syslogd-listfiles > logfiles
syslogd-listfiles --auth >> logfiles
syslogd-listfiles --weekly >> logfiles

This should give the following logfiles:

/var/log/syslog
/var/log/auth.log
/var/log/mail.warn
/var/log/uucp.log
/var/log/user.log
/var/log/daemon.log
/var/log/messages
/var/log/debug
/var/log/auth.log
/var/log/mail.err
/var/log/mail.log
/var/log/kern.log
/var/log/lpr.log
/var/log/mail.info

modifications to socklog

/var/log/socklog/syslog/config:

s999999
n5
+*
-auth.*
-authpriv.*
-daemon.info*

/var/log/socklog/debug/config:

s999999
n5
-*
+*.debug*
-auth.*
-authpriv.*
-news.*
-mail.*

create /var/log/socklog/messages:

install -d -m 2750 -olog -gadm /var/log/socklog/messages

create /var/log/socklog/messages/config:

echo <<EOF
s999999
n5
+*.info*
+*.notice*
+*.warn*
-authpriv.*
-auth.*
-cron.*
-daemon.*
-mail.*
-news.*
EOF > /var/log/socklog/messages/config

/etc/socklog/unix/log/run:

 #!/bin/sh
 exec chpst -ulog svlogd \
   main/main main/auth main/cron main/daemon main/debug main/ftp \
   main/kern main/local main/mail main/news main/syslog main/user \
   main/messages

(Just add a \ to the last line and append main/messages)

Signal socklog:

svc -t /service/socklog-unix/log

modify the /var/log directory

Essentially replace the files by symlinks pointing to socklog/*/current

Example, auth.log:

• 1 determine the medium daily logsize: [=zcat auth.log..gz > logsize]
  • divide the filesize in bytes of logsize between the number of [=.log] files: *

    ls -l logsize
    echo $((###/7))
    rm logsize

  • set this as the filesize in the log/auth/config file 2 eventually save the current logs: savelog -c 100 -n auth.log 3 link: ln -s log/auth/current auth.log

---

CategoryTips