You could set up filters that each uniquely match the router you want to monitor, then have different log destinations for each of them. Or, assuming that your routers send along a hostname that is also a valid filename, you can do something like this: destination router_logs { file( "/var/log/routers/$HOST-router.log" create_dirs(yes) ); }; Paul Krizak 5900 E. Ben White Blvd. MS 625 Advanced Micro Devices Austin, Tx 78741 CAD Systems Engineering Paul.Krizak@amd.com Terry wrote:
Hello,
I have several routers that I want to receive logs for. Can I send all the logs from these to a single facility and have syslog-ng parse and write them to different log files based on a ruleset such as ip address, type of log, etc. ?
Thanks!
------------------------------------------------------------------------
_______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html