On Tue, 11 May 1999, Balazs Scheidler wrote:
Next. Standard syslogd writes "host" field correct - corresponding to client name, but remote client's messages in syslog-ng always looks like "srcname/syslog-ng_server_name". It's too hard for admin to separate logfiles visually.
Yes, there's a problem in hostname generation in current versions, it's fixed here in my local copy, but the source is in a bit of flux now, and I didn't want to release it.
For last :) Can somebody give me _working_ example of log separating by remote hostname or IP address. It's not trivial for me :)
There are two ways doing this:
modifying the /etc/services file to make your syslogd to log to a different port (instead of 514). Each client hosts log to a different port number, then declare a source for each client:
source c1 { udp 0.0.0.0,514; }; source c2 { udp 0.0.0.0,515; }; etc.
Each computer's log come from a distinct source.
Yes - It's works fine, but announced "host" filter does not. My simple config: ----------------- source src { udp 0.0.0.0,514; }; destination dest { file /var/log/syslog-ng.monkey; }; filter monk { host("monkey"); }; log { source src; filter monk; destination dest; }; ----------------- In "monkey" (monkey is real hostname) host I have standard syslogd with: *.* @syslog-ng_hostname And....nothing. With syslog-ng config like: ----------------- source src { udp 0.0.0.0,514; }; destination dest { file /var/log/syslog-ng.monkey; }; log { source src; destination dest; }; ----------------- all works, of course. Is standard syslogd compatible with syslog-ng as client? Do I understand "host" filter directive right? Thanks.
Another solution is to use the new host() filter:
source src { udp 0.0.0.0,514; }; # each computer logs to this source
filter f_c1 { host("hostname1"); }; filter f_c2 { host("hostname2"); };
log { source src; filter f_c1; destination c1; }; ...
-- Bazsi PGP key: http://www.balabit.hu/pgpkey.txt, or finger bazsi@balabit.hu
_______________________________________________ syslog-ng maillist - syslog-ng@vekoll.saturnus.vein.hu http://vekoll.saturnus.vein.hu/mailman/listinfo/syslog-ng
--- Pavel Golubev PG810-RIPE Global Ukraine Inc.