<p dir="ltr">Yup,I like this idea. We should really make this available as a macro, and send it via structured data. RFC5424 even has a field for this.</p>
<div class="gmail_quote">On Oct 29, 2015 9:06 PM, "Fekete, Róbert" <<a href="mailto:robert.fekete@balabit.com">robert.fekete@balabit.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div><div>Hi, <br><br></div>Having the operating system available as a macro came up earlier this week in a thread on serverfault, so it might make a useful feature.<br><br></div>Regards, <br><br></div>Robert<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Oct 29, 2015 at 8:25 PM, Evan Rempel <span dir="ltr"><<a href="mailto:erempel@uvic.ca" target="_blank">erempel@uvic.ca</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>You could use a second interface on the
syslog servers and configure the solaris servers to use this
alternate IP address.<br>
You could also use a different port.<br>
Then you could tag the source with "solaris" and then use the tag
filtering to separate those message out of the mix.<br>
<br>
Just my $0.02<div><div><br>
<br>
On 10/29/2015 12:22 PM, vijay amruth wrote:<br>
</div></div></div><div><div>
<blockquote type="cite">
<div dir="ltr">Thank you fo rthe reply Balazs.
<div><br>
</div>
<div>Can we use filter functions like this below ?</div>
<div><br>
</div>
<div>
<div>filter f_solaris {</div>
<div> host('uname == solaris') }</div>
</div>
<div><br>
</div>
<div>My idea is to identify solaris servers.</div>
<div><br>
</div>
<div>Thanks all,</div>
<div>~Vj</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Thu, Oct 29, 2015 at 12:59 AM,
Balazs Scheidler <span dir="ltr"><<a href="mailto:bazsi77@gmail.com" target="_blank"></a><a href="mailto:bazsi77@gmail.com" target="_blank">bazsi77@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<p dir="ltr">Well, probably the only sensible way is to
filter based on IP addresses.<br>
</p>
<div class="gmail_quote">
<div>
<div>On Oct 29, 2015 6:09 AM, "vijay amruth"
<<a href="mailto:vijayamruth@gmail.com" target="_blank">vijayamruth@gmail.com</a>>
wrote:<br type="attribution">
</div>
</div>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>
<div>
<div dir="ltr"><span style="font-size:12.8px">Hello
All,</span>
<div style="font-size:12.8px"><br>
</div>
<div style="font-size:12.8px">We are drawing logs
from several hosts which include solaris(10,11)
, linux (centos, ubuntu, rhel) into syslog
servers, I want to be able to separate solaris
logs, is there any pattern we can match for
solaris logs that you may know ?
<div><br>
</div>
<div>
<div dir="ltr">Thanks,
<div>Vijay Amrut.</div>
</div>
</div>
</div>
</div>
<br>
</div>
</div>
______________________________________________________________________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" rel="noreferrer" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" rel="noreferrer" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
<br>
<br>
</blockquote>
</div>
<br>
______________________________________________________________________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" rel="noreferrer" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" rel="noreferrer" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
<br>
<br>
</blockquote>
</div>
<br>
<br clear="all">
<div><br>
</div>
-- <br>
<div>
<div dir="ltr">
<div>Thanks,
<div>Vijay Amrut.</div>
</div>
</div>
</div>
</div>
<br>
<fieldset></fieldset>
</blockquote>
<br>
</div></div></div>
<br>______________________________________________________________________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" rel="noreferrer" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" rel="noreferrer" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
<br>
<br></blockquote></div><br></div>
<br>______________________________________________________________________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" rel="noreferrer" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" rel="noreferrer" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
<br>
<br></blockquote></div>