Tom, Edwards, Thomas wrote:
Has anyone ever used the Eventlog to syslog program found here?
https://engineering.purdue.edu/ECN/Resources/Documents/UNIX/evtsys
I'm using this as the preferred choice for receiving logs from Windows boxen.
I was trying to decipher their input as to how to word the filters and am coming up short other than putting a direct match for the host name I am using.
Any help would be greatly appreciated.
I don't use a filter, but use a destination along the lines of

...
file("/path/to/logs/$HOST/$YEAR-$MONTH-$DAY"
     template("$FULLDATE $FULLHOST $FACILITY.$PRIORITY $MSG\n")
     owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes));
...

which means that logs for each host go into a separate directory, and that they are 'rotated' on a daily basis. This may not suit your needs, but works well for me.

Cheers
Phil
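A complete syslog-ng configuration around the destination quoted in the reply above, with the host-match filter the question asks about. This is an added example, not part of the original thread. The names s_net, f_winhost, d_winhost and d_perhost, the host name winbox01, and the UDP port 514 listener are assumptions.

```conf
# Added example: the object names, winbox01 and the listener are placeholders.
options {
    # $HOST is used to build a directory name below, so take it from the
    # sender's address (or its resolved name) rather than from the
    # hostname field inside the message, which the sender controls.
    keep_hostname(no);
    # Drop hostnames that contain characters not valid in a hostname.
    check_hostname(yes);
};

# Assumption: the Windows agent forwards events to UDP port 514.
source s_net {
    udp(ip(0.0.0.0) port(514));
};

# host() matches a regular expression against $HOST; anchor it so that
# "winbox01" does not also match "winbox010".
filter f_winhost {
    host("^winbox01$");
};

# Destination for the filtered host only.
destination d_winhost {
    file("/path/to/logs/windows/winbox01-$YEAR-$MONTH-$DAY"
         owner(root) group(root) perm(0600));
};

# The per-host, per-day destination from the reply, unchanged.
destination d_perhost {
    file("/path/to/logs/$HOST/$YEAR-$MONTH-$DAY"
         template("$FULLDATE $FULLHOST $FACILITY.$PRIORITY $MSG\n")
         owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes));
};

# Filtered path: only messages from the matching host.
log { source(s_net); filter(f_winhost); destination(d_winhost); };

# Unfiltered path: every sender gets its own directory.
log { source(s_net); destination(d_perhost); };
```

With keep_hostname(no), the host() pattern has to match whatever name or address syslog-ng derives for the sender, which depends on the DNS settings in use.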