14 May
2007
14 May
'07
10:14 p.m.
On 5/15/07, Corey Bobb <cbobb@cygnus.com> wrote:
What has to happen is from 1 server the log file gets read/moved over to the other Log server . . .which will then be indexed by splunk. I am learning syslog-ng and am not sure exactly how to make what I am trying to do work. Something like this? log { source(src); filter(status); destination(loghost); };
Note that you can have more than one log target for one source/filter.
Corey M. Bobb Cheers, Andrej