<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix"><br>
<br>
there's actually a ton of ways to do it.<br>
<br>
Roughly in the order I would try them:<br>
<br>
1) If the different logs you want to separate use different
priorities, facilities, programs - you can directly reference
those in filters.<br>
<br>
2) If you need to (or choose to) modify the logs yourself - you
can use program_override() to write a different string in that
section of the syslog message, then filter on that on the
receiving end. NOTE: This option replaces the deprecated <em
class="parameter"><code>log_prefix()</code></em> option.<br>
<br>
3) You can also use <em class="parameter"><code>match(regexp
value("MACRO"))</code></em> where MACRO is MSG or MSGHDR in
the filter to filter messages based on a regex to match text.<br>
<br>
Jim<br>
<br>
<br>
On 09/08/2014 09:46 AM, <a class="moz-txt-link-abbreviated" href="mailto:wiskbroom@hotmail.com">wiskbroom@hotmail.com</a> wrote:<br>
</div>
<blockquote cite="mid:BAY177-W3086DEBABF7920424B3CE1B4C10@phx.gbl"
type="cite">
<meta http-equiv="Context-Type" content="text/html;
charset=iso-8859-1">
<div dir="ltr">I had thought about that, but how do I
differentiate the individual logs on the receiving end?<br>
Doing so would certainly remove the need for me to listen on two
ports, and split output to two ports.<br>
<br>
Thank you,<br>
<br>
.vp<br>
<br>
Vadim Anatoly Pushkin
-- The Ukranian Stallion --<br>
<br>
<div>
<hr id="stopSpelling">Date: Fri, 5 Sep 2014 23:24:25 -0400<br>
From: <a class="moz-txt-link-abbreviated" href="mailto:jrhendri@roadrunner.com">jrhendri@roadrunner.com</a><br>
To: <a class="moz-txt-link-abbreviated" href="mailto:syslog-ng@lists.balabit.hu">syslog-ng@lists.balabit.hu</a><br>
Subject: Re: [syslog-ng] Individual Logs Files to each Forward
to Different server/port?<br>
<br>
<div>Quick thought. Look at filters on the receiving end.
Might be easier.</div>
<div>Jim</div>
<div><br>
</div>
<div><br>
</div>
<div>
<div>Sent from my Verizon Wireless 4G LTE smartphone</div>
</div>
<br>
<br>
-------- Original message --------<br>
From: <a class="moz-txt-link-abbreviated" href="mailto:wiskbroom@hotmail.com">wiskbroom@hotmail.com</a> <br>
Date:09/05/2014 5:42 PM (GMT-05:00) <br>
To: <a class="moz-txt-link-abbreviated" href="mailto:syslog-ng@lists.balabit.hu">syslog-ng@lists.balabit.hu</a> <br>
Cc: <br>
Subject: [syslog-ng] Individual Logs Files to each Forward to
Different server/port? <br>
<br>
<div dir="ltr">Greetings!<br>
<br>
Is is possible to configure a syslog-ng client to forward
logs to a syslog-ng server based on file?<br>
<br>
I am thinking of the following as an example:<br>
<br>
destination named-LOGS {<br>
udp(ip(192.168.1.100) port(555));<br>
};<br>
source named {<br>
file("/var/log/named/bind.log" log_prefix("BIND-LOGS"));<br>
};<br>
log {<br>
source(named);<br>
destination(named-LOGS);<br>
};<br>
<br>
<br>
destination dhcpd-LOGS {<br>
udp(ip(192.168.1.100) port(556));<br>
};<br>
source dhcpd {<br>
file("/var/log/dhcpd/dhcp.log" log_prefix("DHCPD-LOGS"));<br>
};<br>
log {<br>
source(dhcpd);<br>
destination(dhcpd-LOGS);<br>
};<br>
<br>
<br>
In this example, I am sending each to the same destination
IP address, although that is configurable, but each log file
to a different port, and with a different log_prefix as
well.<br>
<br>
<br>
Does this OK,or is their a simpler way?<br>
<br>
<br>
Many thanks,<br>
<br>
<br>
.vp<br>
<br>
Vadim Anatoly Pushkin
<br>
-- The Ukranian Stallion --<br>
<br>
</div>
<br>
______________________________________________________________________________
Member
info: <a class="moz-txt-link-freetext" href="https://lists.balabit.hu/mailman/listinfo/syslog-ng">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a>
Documentation:
<a class="moz-txt-link-freetext" href="http://www.balabit.com/support/documentation/?product=syslog-ng">http://www.balabit.com/support/documentation/?product=syslog-ng</a>
FAQ: <a class="moz-txt-link-freetext" href="http://www.balabit.com/wiki/syslog-ng-faq">http://www.balabit.com/wiki/syslog-ng-faq</a></div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">______________________________________________________________________________
Member info: <a class="moz-txt-link-freetext" href="https://lists.balabit.hu/mailman/listinfo/syslog-ng">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a>
Documentation: <a class="moz-txt-link-freetext" href="http://www.balabit.com/support/documentation/?product=syslog-ng">http://www.balabit.com/support/documentation/?product=syslog-ng</a>
FAQ: <a class="moz-txt-link-freetext" href="http://www.balabit.com/wiki/syslog-ng-faq">http://www.balabit.com/wiki/syslog-ng-faq</a>
</pre>
</blockquote>
<br>
</body>
</html>