This could be accomplisted with something as simple as:
source s_tail {
file("/path/to/log.file1" follow_freq(1)
flags(no-parse));
file("/path/to/log.file2" follow_freq(1)
flags(no-parse));
file("/path/to/log.file3" follow_freq(1)
flags(no-parse));
};
log { source(s_tail); destination(loghost); };
destination loghost
{tcp("centrallogger.yourdomain.com");};
From:
syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] On
Behalf Of Tony MacDoodle
Sent: Thursday, March 31, 2011 6:11 AM
To: syslog-ng@lists.balabit.hu
Subject: [syslog-ng] how to push sulogs/utmpx/wtmpx to central logserver
Hello All,
I would like to push only the following log files to a central syslog-ng
server. All clients are Solaris 10 and the syslog-ng server is also Solaris 10.
IS it possible to push only this information?
wtmpx
utmpx
sulog
Thanks