Okay! We have 2 problems:

1- The hostnames of the syslog receivers are SECU-Rcv1 and SECU-Rcv2.

   So with a destination like:

   destination d_std { file("/export/disk1/log/$HOST/$YEAR/$MONTH/messages.log"); };

   we receive the log in /export/disk1/log/SECU-Rcv2 on the local host. Why not the IP like the other hosts??

2- We have 2 syslog collectors and a big config file with each host (customer) defined line by line and a rule with unknown.

   The problem is that each host logs correctly to its respective directory, but they also log to my unknown directory. I want
   to be able to say: if no filter matches, log to unknown...

   Thanks a lot!

Kéven Belanger

Security Solutions Analyst
Logicon Inc. - Division Sécurité
819.825.8049 x7717
800.567.6399 x7717
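The two problems above, as an added example configuration that is not part of the original post or of the syslog-ng project's own files: each matched log path carries flags(final) and a single flags(fallback) path catches whatever no filter matched, so customer messages stop landing in the unknown directory, and the collector's own messages get their own path instead of being filed under SECU-Rcv1/2 via $HOST. The addresses, the netmask() filter style, use_dns(no)/keep_hostname(no) and the extra directories are assumptions.

```conf
# Added example (not from the original post). Assumes syslog-ng 1.6+ syntax, a
# UDP 514 network source, and per-customer filters keyed on the sender address.
# With use_dns(no) and keep_hostname(no), $HOST for a remote message is the
# sender IP; messages generated on the collector itself carry its own hostname.
options { use_dns(no); keep_hostname(no); create_dirs(yes); };

source s_local { internal(); unix-stream("/dev/log"); };
source s_net   { udp(ip(0.0.0.0) port(514)); };

# One filter per customer host (constructed addresses).
filter f_cust1 { netmask("192.0.2.10/32"); };
filter f_cust2 { netmask("192.0.2.20/32"); };

# Per-host directory for remote senders; the unknown and local paths are separate
# so the collector's own messages no longer appear as /export/disk1/log/SECU-Rcv2.
destination d_std     { file("/export/disk1/log/$HOST/$YEAR/$MONTH/messages.log"); };
destination d_unknown { file("/export/disk1/log/unknown/$YEAR/$MONTH/messages.log"); };
destination d_self    { file("/export/disk1/log/local/$YEAR/$MONTH/messages.log"); };

# Problem 1: file the collector's own messages explicitly and stop processing them.
log { source(s_local); destination(d_self); flags(final); };

# Problem 2: flags(final) ends matching for a known customer, so its messages
# never reach the catch-all below.
log { source(s_net); filter(f_cust1); destination(d_std); flags(final); };
log { source(s_net); filter(f_cust2); destination(d_std); flags(final); };

# flags(fallback) fires only for messages that matched no filtered log path:
# "if no filter matches, log to unknown".
log { source(s_net); destination(d_unknown); flags(fallback); };
```

Without flags(final), a customer message matches both its own filtered path and the unfiltered unknown path, which is exactly the double logging described above; a log path with no filter() is treated as matching every message unless it is marked fallback.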