Help setting up Metalog

[LostGen]

Hi everyone,

I have a few cisco devices setup right now that dump there logs to a windows device running kiwi syslog. I would like to cut this windows device out and use one of my gentoo boxes running metalog instead. I am looking at the metalog config and am not quite sure how to set it up to receive these incoming logs. Also so you are away the metalog config is the default one you get when you first emerge metalog.

Cisco Device: 192.168.1.1
Gentoo Metalog Box: 192.168.1.10


################Metalog Config Blurb#########################
SSH Server :

program = "sshd"
logdir = "/var/log/sshd"
######################################################

So this is pretty self explanatory, I was hoping there would be a way to do somthing like this but I am not sure exactly how to put it all together.

################Imaginery Cisco Config#######################
Cisco Device:

program = "192.168.1.1"
logdir = "/var/log/cisco"
######################################################

Does this make any sense, or am I not even close on this one.

Thanks all,

LG

[deboeck]

No, you're a bit off. 192.168.1.1 is not a program running on your computer, so you probably can't match on the program directive. Use regex or facility. Have a look at the metalog documentation to understand what all this means. You can find it here: http://metalog.sourceforge.net/README.

In any case, metalog is not suitable for what you want to do, because it doesn't support network logging. It can only log messages from the machine it's running on, NOT messages sent over the network. Have a look at syslog-ng or ksyslog for alternatives.

[LostGen]

Ahh thank you for the help, explains everything.

Take care,

LG