27 Jul
2018
27 Jul
'18
12:03 p.m.
Hi, On Fri, Jul 27, 2018 at 11:55:42AM +0200, freebsd@tango.lu wrote:
How do I force all the logs into one logfile for this one specific host? If possible I don't want to change my current rules just extend them.
You could use the SOURCEIP macro or the netmask filter. There are multiple ways to achieve what you ask, many depending on the syslog-ng version you use and on your config. The most compatible way to do it is probably using a separate log path: log { source(s_syslog); filter { netmask(10.0.0.1/32) }; destination(d_net_some_host); flags(final); }; Notice the "final" flag which makes sure the message won't make it to other log paths.