<div>Hello everybody,<br></div><div><br></div><div>I work for a lange society, and we use syslog-ng for 5 years now.</div><div>We have a centralized server with storage tank to keep logs securly.</div><div><br></div><div>Concretely, we have 2 centralized servers syslog-ng in chrooted environement, and 50 clients servers.<br>
</div><div><br></div><div>Since we use TLS transport in place of stunnel workaround, we have many issues : </div><div>- First of all, many logs aren't writen in $HOST folder but in IPADDRESS folder. So, to be clear, this is an exemple :</div>
<div># ls</div><div><div>drwxr-x--- 8 root adm 4,0K 1 mars 00:07 10.0.0.1</div><div>drwxr-x--- 53 root adm 4,0K 19 mars 00:35 host1<br></div></div><div><br></div><div>I assume that host1 have 10.0.0.1 IP address and </div>
<div><br></div><div><div># tree <a href="http://192.168.100.79/2012-03/" target="_blank">192.168.100.79/2012-03/</a></div><div><a href="http://10.0.0.1/2012-03/" target="_blank">10.0.0.1/2012-03/</a></div><div>├── 02-user-10.0.0.1.log.bz2</div>
<div>├── 06-user-10.0.0.1.log.bz2</div><div>├── 07-user-10.0.0.1.log.bz2</div><div>├── 08-user-10.0.0.1.log.bz2</div><div>├── 09-user-10.0.0.1.log.bz2</div><div>├── 12-user-10.0.0.1.log.bz2</div>
<div>├── 13-user-10.0.0.1.log.bz2</div><div>├── 14-user-10.0.0.1.log.bz2</div><div>├── 15-user-10.0.0.1.log.bz2</div><div>├── 16-user-10.0.0.1.log.bz2</div><div>└── 19-user-10.0.0.1.log</div>
</div><div><br></div><div><div># tree host1/2012-03/ |grep 19-</div><div>├── 19-apache.access-host1.log</div><div>├── 19-apache.error-host1.log</div><div>├── 19-authpriv-host1.log</div><div>├── 19-auth-host1.log</div>
<div>├── 19-cron-host1.log</div><div>├── 19-daemon-host1.log</div><div>├── 19-kern-host1.log</div><div>├── 19-mail-host1.log</div><div>├── 19-nagios-host1.log</div><div>├── 19-puppetd-host1.log</div><div>├── 19-syslog-host1.log</div>
<div>└── 19-user-host1.log</div></div><div><br></div><div>(we have this problem with many servers)</div><div>In facility "user" for host 10.0.0.1 in fact i have log for snmptrapd... But why ??</div><div><br>
</div><div>We have config for snmpd but not for snmptrapd... </div><div>So i have tried to define a default facility => failed</div><div>After i have tried many dns and hostnames options => failed</div><div><br></div>
<div>As anyone here have a way to search for me ?</div><div>If you need more details, i'm your's.</div><div><br></div><div>Kind regards.</div><div>--</div><div>JG</div>