syslog in redhat5
In RedHat 5 , classic syslog is enabled and configured to forward logs to a remote syslog server. I've noticed forwarded logs have been excluded "Date,Time" and "IP-address" of the host.
raw log example : (It is without Time , Date and IP-address)
<85>sudo: em : TTY=unknown ; PWD=/home/em ; USER=root ; COMMAND=/usr/sbin/dmi
also it is not possible to change from syslog to rsyslog.
what is the solution for this issue regardless of changing to rsyslog?
Responses
We started shipping rsyslog v3 in RHEL 5.2 as the rsyslog package and then added the rsyslog5 package later on. See: Matrix of rsyslog versions shipped in Red Hat Enterprise Linux
So your approach to migrate would be:
yum install rsyslog5
chkconfig syslog off; chkconfig rsyslog on
service syslog stop; service rsyslog start
All that said, if you're having trouble sending messages from sysklogd to a remote server over UDP, I first need to know what the remote machine is. Assuming rsyslog, you simply need to modify the config on the receiving rsyslog server.
As to your first question (I've noticed forwarded logs have been excluded "Date,Time" and "IP-address" of the host): I've never seen that before. If you configure RHEL5's sysklogd to send logs to rsyslog in RHEL7, it will work just fine, so the problem is on whatever log server you've got setup to receive your RHEL5 logs.
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.
