Hello,
I am new to Solaris. However, I was able to configure the syslog server on Solaris. I am using a Windows client to send logs to my Solaris syslog server. This is working fine. However, I have 23 servers which are sending their logs to the syslog server, and it is very difficult to read all these logs. Is there a script which will allow me to configure server 1 to write all logs to its own text file, server 2 to its own text file, and so on?
Thanks
Solaris by default writes its own text files if there is a loghost entry in /etc/hosts,
for example
1.2.3.4 myhostname.my.domain myhostname loghost
and files (/etc/hosts and /etc/inet/ipnodes) are consulted before the other naming services in /etc/nsswitch.conf,
for example
hosts: files dns nis nisplus ldap
ipnodes: files
The check is
getent hosts loghost
that should report its own hostname.
(After a change the syslogd should be restarted.)
Check out syslog-ng for Solaris (syslog-ng - Multiplatform Syslog Server and Logging Daemon). I use this on all my Solaris and Windows systems. The filtering rules will allow you to separate out the log files based on the server they came from.
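Per-host separation of an already combined log file, as an added example that is not part of the thread or of syslog-ng: a Python script that splits lines by the hostname field and refuses host values that are not safe as file names, since that field is supplied by the sender. It assumes the classic "Mon DD HH:MM:SS host message" line format; the function names, the `_unparsed` bucket and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict
from pathlib import Path

# Classic BSD syslog line: "Mon DD HH:MM:SS host message" (assumed format).
LINE_RE = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} (\S+) ")
# The host field is sender-supplied: allow only characters safe in a file name.
SAFE_HOST_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,62}$")


def host_of(line):
    """Return a filename-safe, lower-cased host for a line, or None."""
    m = LINE_RE.match(line)
    if not m or not SAFE_HOST_RE.match(m.group(1)):
        return None
    return m.group(1).lower()


def split_by_host(lines, out_dir):
    """Append each line to <out_dir>/<host>.log; return lines per bucket."""
    out = Path(out_dir)
    out.mkdir(parents=True, exist_ok=True)
    buckets = defaultdict(list)
    for line in lines:
        # Lines with no usable host are kept, not dropped, for later review.
        name = host_of(line) or "_unparsed"
        buckets[name].append(line.rstrip("\n") + "\n")
    for name, chunk in buckets.items():
        with open(out / (name + ".log"), "a", encoding="utf-8") as fh:
            fh.writelines(chunk)
    return {name: len(chunk) for name, chunk in buckets.items()}


# Constructed sample lines (not from the thread).
SAMPLE = [
    "Mar  3 10:15:01 server1 sshd[412]: Accepted publickey for admin",
    "Mar  3 10:15:02 server2 su: 'su root' succeeded for admin",
    "Mar  3 10:15:03 ../../tmp/x app: host field is not a valid name",
    "Mar  3 10:15:04 Server1 sshd[412]: session closed",
    "last message repeated 3 times",
]

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        print(split_by_host(SAMPLE, d))
```
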