Is it possible to configure multiple sources, one with flags(no-parse) and one without?

 

e.g.

 

source s_syslog-ports {

        udp(port(514));

        tcp(port(1514) max-connections(100));

        tcp(port(514) max-connections(100));

};

 

source s_syslog_np-ports {

        udp(port(514) flags(no-parse));

        tcp(port(1514) max-connections(100) flags(no-parse));

        tcp(port(514) max-connections(100) flags(no-parse));

};

 

filter f_Cisco-router { in-list("/etc/syslog-ng/filter/Cisco-router.txt", value("SOURCEIP")); };

destination d_Cisco-router {file("/var/log/IT/network/router/cisco/${SOURCEIP}/${SOURCEIP}-${YEAR}${MONTH}${DAY}.log" template(t_message-only));};

log {source(s_syslog-ports); filter(f_Cisco-router); destination(d_Cisco-router);};

 

filter f_Cisco-switch { in-list("/etc/syslog-ng/filter/Cisco-switch.txt", value("SOURCEIP")); };

destination d_Cisco-switch {file("/var/log/IT/network/switch/cisco/${SOURCEIP}/${SOURCEIP}-${YEAR}${MONTH}${DAY}.log" template(t_message-only));};

log {source(s_syslog_np-ports); filter(f_Cisco-switch); destination(d_Cisco-switch);};

 

Whenever I do this, I get an error message when restarting the service.

“Job for syslog-ng.service failed because the control process exited with error code. See "systemctl status syslog-ng.service" and "journalctl -xe" for details.”

“Cannot add dependency job for unit microcode.service, ignoring: Unit is not loaded properly: Invalid argument.”

 

______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq