You could always check out Splunk, though that can be an overkill sometimes. On 6/22/07, Bryan O'Neal wrote: > Getting Closer! > > I am finding I am getting a lot of information, so I need new solutions. > I need a good parser, if none exists I will create one my self using > Java, which I know is the wrong language but it is also the one I know. > > > -----Original Message----- > From: plug-discuss-bounces@lists.plug.phoenix.az.us > [mailto:plug-discuss-bounces@lists.plug.phoenix.az.us] On Behalf Of > Bryan O'Neal > Sent: Thursday, June 21, 2007 7:54 PM > To: Main PLUG discussion list > Subject: RE: Help with syslog > > /etc/sysconfig on mine :) > > Thanks Hans! > > -----Original Message----- > From: plug-discuss-bounces@lists.plug.phoenix.az.us > [mailto:plug-discuss-bounces@lists.plug.phoenix.az.us] On Behalf Of > der.hans > Sent: Thursday, June 21, 2007 2:03 AM > To: Main PLUG discussion list > Cc: Arizona State University Linux Users Group > Subject: Re: Help with syslog > > Am 20. Jun, 2007 schwtzte Bryan O'Neal so: > > moin moin Bryan, > > > I have a dozen or so devices that shoot me syslog info and, I will > > admit, up until now I have been using a windows box as my syslog > server. > > Now I want to use my linux box. I have two nicks in my linux box and > I > > pointed my devices to the IP of eth0. I then added local0.* through > > local6.* to my syslog.conf and pointed them to respective logs. I > > restarted syslog (service syslog restart) and eagerly awaited > > information, but none arrived. > > Is your syslog server listening for external syslog entries? > > # For remote UDP logging use SYSLOGD="-r" > > That's in /etc/default/syslogd on my box. > > If you've got the -r set, you might want to verify that syslog is > listening to UDP port 514 on eth0. > > After that make sure you don't have any firewall rules preventing > receiving the packets. > > If all of that is good use tcpdump/wireshark/etc. on the client box to > investigate the packets being sent. > > ciao, > > der.hans > -- > # https://www.LuftHans.com/ http://www.CiscoLearning.org/ > # "I decry the current tendency to seek patents on algorithms. There > are > # better ways to earn a living than to prevent other people from making > use > # of one's contributions to computer science." -- Donald E. Knuth > --------------------------------------------------- > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us > To subscribe, unsubscribe, or to change your mail settings: > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss > > --------------------------------------------------- > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us > To subscribe, unsubscribe, or to change your mail settings: > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss > -- "Courage is like love; it must have hope to nourish it." -Napoleon Bonaparte --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss