[syslog-ng]dir creation with IP/Host

Ed Ravin syslog-ng@lists.balabit.hu
Fri, 23 Jan 2004 14:23:52 -0500 

On Fri, Jan 23, 2004 at 11:40:20AM -0700, Dylan H. Bouterse wrote:
> ... because syslog-ng is creating a new directory based on what
> looks to be command types. See below:
> 
> %SYS-I-INITSYS,
> %SSH-W-IDLE_TIMEOUT,
> %CLI-E-NOFACINST,

You want to add the option:

        check_hostname(yes);

Which will cause syslog-ng to reject funny-looking hostnames like ones
that begin with %, and use the IP address instead.

> 
> So my question is, is there a way to force a specific host to a specific log file before the auto-creation of directories happens? Below is a snipped of my log file. Hopefully I am including all the info I need to help figure this out, but if I'm not, please let me know.
> 
> options
>   {
>     chain_hostnames(no);
>     create_dirs (yes);
>     dir_perm(0755);
>     dns_cache(yes);
>     keep_hostname(yes);
>     log_fifo_size(2048);
>     log_msg_size(8192);
>     long_hostnames(on);
>     perm(0644);
>     stats(3600);
>     sync(0);
>     time_reopen (10);
>     use_dns(yes);
>     use_fqdn(no);
>   };
> 
> source src { unix-dgram("/dev/log"); internal(); udp(); tcp(port(514)
> keep-alive(yes) max-connections(25));};
> 
> destination std {
>         file("/var/log/HOSTS/$HOST/$HOST.syslog"
> 
>         owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)
>         );
> };
> 
> 
> 
> Dylan Bouterse
> Network Manager
> Global Card Services
> (407) 206-7714 office
> dhbouterse@fhmsi.com
> 
> Note:          This e-mail and any attachments may be privileged and confidential and protected from disclosure.  If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any disclosure, copying, distribution or use of this e-mail and any attachments is strictly prohibited. If you have received this e-mail in error, please notify us immediately by returning it to the sender and deleting it from your computer system.  Thank you for your cooperation.
> 
> First Horizon Merchant Services.
> 
> _______________________________________________
> syslog-ng maillist  -  syslog-ng@lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
> 

-- 
eravin@    |   Grief can take care of itself; but to get the full
panix.com  |   value of a joy you must have somebody to divide it with.
           |                   -- Mark Twain