# syslog.conf lines for specific application's to send to remote syslog server



## herpus__derpus (May 16, 2018)

I have a process running the binary /usr/local/bin/radiusd and I want to send it's syslog messages to a remote syslog server, syslog1.mycorp.com

I tried to a local log file first.

```
#!/usr/local/bin/radiusd
*.*                                             /var/log/mysyslog
```

But no entries in the /var/log/mysyslog log file. They do appear in /var/log/messages due to the line near the top of the syslog.conf file:

```
*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err   /var/log/messages
```

Log lines I am trying to capture, come out in /var/log/messages as:


```
May 16 19:27:11 <user.notice> radius1 /usr/local/bin/radiusd[58071]: SIGTERM received: stopping
May 16 19:27:11 <user.notice> radius1 /usr/local/bin/radiusd[58115]: Server started: Radiator 4.17 on radius1
```

Can someone show me how I can redirect just the logs from this radiusd to a different destination? Eventually I want to send these logs to two remote syslog servers, which is not supported internally by radiusd, hence the use of local syslogd


----------



## ShelLuser (May 16, 2018)

Now, I'm not familiar with the way Radius logs these things but I can help you with the syntax & concept. And I can definitely understand your confusion: been there, done that 

You're right: the application probably sends out messages with a notice priority which are then captures by the line you quoted. Solution: tell syslogd to ignore the application for the first log entries:


```
!-imap,named,pkg-static,pkg
*.notice;authpriv.none;kern.debug;lpr.info;mail.crit    /var/log/messages
```
This is from my own /etc/syslog.conf and as you can see I'm telling syslogd to ignore stuff from IMap (Cyrus IMAP server), Named (Bind DNS server) and pkg-static / pkg (because all those messages get logged to a separate logfile).

Now, my setup is a bit more complex because I have multiple applications to attend to but you could probably suffice with merely ignoring radius;  check the log entry, the name before the colon should be the application name. For example, an OpenVPN upgrade I just did:


```
May 16 22:28:01 unicron pkg: openvpn-2.4.5 deinstalled
May 16 22:28:02 unicron pkg-static: openvpn-2.4.6 installed
```
See?  This tells me that pkg and pkg-static were the application names involved.

You could then activate it by doing something like this at the end of your syslog.conf:


```
# Package management
!pkg,pkg-static
*.*                                             /var/log/pkg.log
```
Now, in my example I used pkg (I'm lazy like that  ) but you should obviously replace 'pkg' with the name of whatever application your setup uses (I assume 'radius' but I simply don't know).

(edit): ok, I glossed over your post. You'll need to specify radius1 (as you've shown above).

syslog.conf(5) will tell you how to sent something to another host, but since I'm typing anyway....


```
!pkg
*.*              @loghost.intranet.lan
```
.... this is how I'd set that up.

Hope this can help you!


----------

