Hello,

to separate the destination logfiles for each host, use the following:

    destination d_file_foreach_host { file("/var/log/$FULLHOST.log"); };
    log { source(s_all); destination(d_file_foreach_host); };

hope it helps,
regards,
Tom

Quoting "tokie@tiscali.it" <tokie@tiscali.it>:
Try using the netmask filter.
filter f_host_a_b_c_d { netmask ("a.b.c.d/32"); };
Tks for reply, I tried but it doesn't work! More specifically: I wish that all devices in my network log into a specific file on the syslog server.
Now all files log all devices!! I have the same result in different files (100.log, 101.log, and so on)
Must I use iptables's match?? How??
tks Tokie
p.s.: netmask("a.b.c.d/32") or netmask("a.b.c.d/255.255.255.255") ???
----Original message----
From: syslog-ng-request@lists.balabit.hu
Date: 10/12/2011 12.00
To: <syslog-ng@lists.balabit.hu>
Subject: syslog-ng Digest, Vol 80, Issue 15
Today's Topics:
1. Re: syslog-ng 3.3.3 repeatedly writes same message to local file when forwarding enabled (Dave Haywood)
2. Re: Log only one host (tokie@tiscali.it)
3. Re: Log to syslog file, filter from fifo (Balazs Scheidler)
4. [Bug 146] pdbtool match does not display tags (bugzilla@bugzilla.balabit.com)
----------------------------------------------------------------------
Message: 1
Date: Fri, 09 Dec 2011 11:22:24 +0000
From: Dave Haywood <tla@oak.selfip.net>
Subject: Re: [syslog-ng] syslog-ng 3.3.3 repeatedly writes same message to local file when forwarding enabled
To: Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu>
Cc: Sandor Geller <Sandor.Geller@morganstanley.com>
Message-ID: <4EE1EF70.1060001@oak.selfip.net>
Content-Type: text/plain; charset=ISO-8859-1
On 09/12/2011 09:53, Sandor Geller wrote:
Sounds like messages sent to 192.168.0.7 are fed back to syslog-ng so there is a logging loop. Is this address local? If not, then there is a chance that the packet filter rule isn't correct.

Thanks! You were right, the issue was with the iptables rule. I was trying to capture traffic from localhost to port 514 and redirect it to 1514 using NAT table OUTPUT. I use this for testing every facility / severity combination during install. But I didn't specify a destination host (of the local IP address); I only specified the port. This meant any traffic forwarded to a remote host is redirected by iptables back to the localhost, causing a loop.
Thanks for the help :)
On Fri, Dec 9, 2011 at 10:34 AM, Dave Haywood <tla@oak.selfip.net> wrote:
Hi,
I have a problem with syslog-ng 3.3.3. When I have forwarding enabled to a remote syslog server (via UDP) syslog-ng repeatedly writes the same message(s) to the log file and only stops when the disk is full. Using tcpdump on the remote server, I don't see any data arrive from the syslog-ng server so forwarding is not working either.

When I remove the forwarding part of the config file the local file is written correctly (ie once). If I remove the local file part from the config file and only enable the forwarding, I see syslog-ng take all the CPU time. I never see any syslog messages arrive at the remote syslog server.

I tried:
1) disabling IPv6 - no change
2) running outside the chroot jail - no change
3) running as userid root - no change

Does anyone have any idea what would cause this? Debug info below.

The environment is:
RedHat AS 4.8 (linux 2.6.9-89.ELsmp) on vmware ESXi 4.1.0

All required software built and installed in /usr/local/ :
eventlog_0.2.12.tar.gz
gettext-0.18.1.1.tar.gz
glib-2.29.90.tar.bz2
libdbi-0.8.4.tar.gz
libdbi-drivers-0.8.3.tar.gz
libffi-3.0.9.tar.gz
libnet-0.10.11.tar.gz
pkg-config-0.26.tar.gz
Python-2.7.2.tar.bz2
zlib-1.2.5.tar.bz2
syslog-ng_3.3.3.tar.gz

syslog-ng is running chroot() in directory /data as user
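The forwarding loop in Dave Haywood's reply came from a nat OUTPUT redirect that matched on the port only. As an added example (not code from the thread), the function below reads `iptables-save` text and prints nat OUTPUT rules that rewrite the destination without a `-d` match; the sample rules and the 127.0.0.1 address are constructed assumptions.

```shell
#!/bin/sh
# Added example: audit iptables-save text for port-only nat OUTPUT redirects.

# Constructed sample, not from the thread. The first OUTPUT rule is the
# port-only form described above; the second pins the match to a local
# address (127.0.0.1 is an assumption, the thread gives no address).
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A OUTPUT -p udp -m udp --dport 514 -j REDIRECT --to-ports 1514
-A OUTPUT -d 127.0.0.1/32 -p udp -m udp --dport 514 -j REDIRECT --to-ports 1514
-A PREROUTING -p udp -m udp --dport 514 -j REDIRECT --to-ports 1514
COMMIT
*filter
:OUTPUT ACCEPT [0:0]
-A OUTPUT -p udp -m udp --dport 514 -j ACCEPT
COMMIT'

# find_unscoped_redirects: read iptables-save text on stdin and print each
# nat-table OUTPUT rule whose target is REDIRECT or DNAT and which has no
# -d/--destination match. Such a rule also catches locally generated packets
# addressed to remote hosts, so forwarded syslog traffic never leaves the box.
# Negated matches (! -d) count as scoped here and need a manual look.
find_unscoped_redirects() {
    awk '
        /^\*/ { table = substr($0, 2); next }   # table header such as *nat
        table != "nat" || $1 != "-A" || $2 != "OUTPUT" { next }
        {
            rewrites = 0; scoped = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-j" && ($(i+1) == "REDIRECT" || $(i+1) == "DNAT"))
                    rewrites = 1
                if ($i == "-d" || $i == "--destination")
                    scoped = 1
            }
            if (rewrites && !scoped) print
        }
    '
}

# Run over the constructed sample; only the port-only rule is printed.
printf '%s\n' "$SAMPLE_RULES" | find_unscoped_redirects
```

On a live host the same function can be fed with `iptables-save | find_unscoped_redirects`, which needs root.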