12 May
2006
12 May
'06
11:49 a.m.
On Thu, May 11, 2006 at 06:54:16PM -0400, Mark R. White wrote:
I want to setup a syslog-ng server to do syslogging for my network. So far it's easy, the part I'm having trouble with, and I'm not even sure if it's possible, is I want to log by device to it's own individual syslog file.
If "by device" you mean "by source IP address of the syslog packet", then you need the netmask() filter. netmask("10.1.2.3"); -- match from this IP only netmask("10.1.0.0/255.255.0.0"); -- match from this netblock Note that the current released syslog-ng has a bug where conditions like "not netmask(...)" are broken, they are treated as "netmask(...)" HTH, Brian.