[syslog-ng]Splitting up Cisco devices

Stephen Bargon syslog-ng@lists.balabit.hu
Mon, 13 Sep 2004 14:14:16 -0500 

Another way of configuring it with date is...

destination messages.network {
file("/export/home/ciscologs/$HOST_messages_$YEAR_$MONTH_$DAY"
owner(root) group(other) perm(0644) dir_perm(0755) create_dirs(yes) );
};

Then I use a cron job to remove logs from the past so there is no
rotation. I just let syslog-ng append new dates
to the end of the hostnames everynight and cron remove previous log
files that are backuped up nightly anyway.

0 1 * * * find /export/home/ciscologs -mtime 7 -exec /usr/bin/rm {} \;

Works on Sun and Linux


-----Original Message-----
From: syslog-ng-admin@lists.balabit.hu
[mailto:syslog-ng-admin@lists.balabit.hu] On Behalf Of Bill Nash
Sent: Monday, September 13, 2004 1:58 PM
To: syslog-ng@lists.balabit.hu
Subject: Re: [syslog-ng]Splitting up Cisco devices


Your best option is to split them up by hostname. Syslog has no
understanding of differing platform types. Most of the cisco devices
will log to the same facility/severity anyway, so hostname is your best
bet.

destination by_host { file("/var/syslog/$HOST"); };

- billn

On Mon, 13 Sep 2004, Rex Petersen wrote:

> Hi
>
>
>
> Anyone who can show me how I split up the log files,
>
> so each device has it's own log file.
>
>
>
> Something like this:
>
>
>
> Devices:
>
>
>
> Cisco 3550-12G Switch:                           cisco3550-12.log
>
> Cisco 3548XL Switch #1:                          cisco3548_1.log
>
> Cisco 3548XL Switch #2:                          cisco3548_2.log
>
> Cisco PIX 515UR Firewall:                       cisco_515.log
>
> VPN3005 Concentrator:                            cisco_3005.log
>
>
>
> Best regards
>
>
>
> Rex Petersen
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>

_______________________________________________
syslog-ng maillist  -  syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html



The information contained in this message is proprietary of Amdocs,
protected from disclosure, and may be privileged.
The information is intended to be conveyed only to the designated=
 recipient(s)
of the message. If the reader of this message is not the intended=
 recipient,
you are hereby notified that any dissemination, use, distribution or=
 copying of=0D
this communication is strictly prohibited and may be unlawful.=0D
If you have received this communication in error, please notify us=
 immediately
by replying to the message and deleting it from your computer.
Thank you.