I assume you are still using these config settings (from your August emails):

options {
flush_lines (0);
time_reopen (10);
log_fifo_size (1000);
long_hostnames (off);
use_dns (no);
use_fqdn (no);
create_dirs (no);
keep_hostname (yes);
};

Please try changing create_dirs().

Also, I suggest you browse / search the excellent documentation at the balabit site.

We are happy to help, but most of your questions are answered there.

Jim
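
The change suggested above, written out as an added example (not part of the original emails): the per-host destination from this thread with directory creation enabled on that destination only. The dir_owner(), dir_group() and dir_perm() values are assumptions; everything else is as posted in the thread.

```conf
# Added example, not from the thread.
#
# Before (as posted): the global option below stops syslog-ng from creating
# /var/log/$HOST/, so opening any file under that directory fails and
# nothing appears in /var/log.
#
#   options { ... create_dirs (no); ... };

# After: allow directory creation for this one destination. The global
# create_dirs(no) can stay, so other file() destinations keep failing
# instead of silently creating paths.
destination d_separatedbyhosts {
    file(
        "/var/log/$HOST/$HOST.$FACILITY.$SEVERITY.$YEAR.$MONTH.$DAY"
        create_dirs(yes)
        dir_owner("root")      # assumed value
        dir_group("root")      # assumed value
        dir_perm(0750)         # assumed value: directories not world-readable
        owner("root") group("root") perm(0644)   # as posted in the thread
    );
};

# $HOST is filled in from what arrives on s_netsyslog, which listens on
# 0.0.0.0, so one directory is created per distinct value received.
log { source(s_netsyslog); destination(d_separatedbyhosts); };
```

Run `syslog-ng --syntax-only` against the edited file before reloading, and check syslog-ng's own log for file open errors if the directories still do not appear.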




On 12/10/2014 06:11 AM, Jason Long wrote:
Hello
I changed my configuration to:

destination d_separatedbyhosts {
file( "/var/log/$HOST/$HOST.$FACILITY.$SEVERITY.$YEAR.$MONTH.$DAY" owner("root") group("root") perm(0644)); };

log { source(s_netsyslog); destination(d_separatedbyhosts); };

But when I browse /var/log, I can't see any new file or folder :(. What is the problem?


Cheers.





On Saturday, December 6, 2014 7:29 PM, Jim Hendrick <jrhendri@roadrunner.com> wrote:
very simple.

destination d_separatedbyhosts {
  file( "/var/log/$HOST/$HOST.$FACILITY.$SEVERITY.$YEAR.$MONTH.$DAY" );
};

(didn't you ask this back in August?)


Hello all.
How are you?
I have a Windows server with a Syslog agent installed on it, and it forwards all logs to my Linux box. My Syslog-NG collects them very well, but I want to forward another set of Windows events to my Syslog server. How can I modify my current config file to create another file for this new server? I use Logstash and Kibana on my Linux box. Can it detect my new log file automatically?

# syslog-ng configuration file.
#
# This should behave pretty much like the original syslog on RedHat. But
# it could be configured a lot smarter.
#
# See syslog-ng(8) and syslog-ng.conf(5) for more information.
#

options {
flush_lines (0);
time_reopen (10);
log_fifo_size (1000);
long_hostnames (off);
use_dns (no);
use_fqdn (no);
create_dirs (no);
keep_hostname (yes);
};

source s_netsyslog {
udp(ip(0.0.0.0) port(514) flags(no-hostname));
tcp(ip(0.0.0.0) port(514) flags(no-hostname));
};

destination d_netsyslog { file("/var/log/network.log" owner("root") group("root") perm(0644)); };

log { source(s_netsyslog); destination(d_netsyslog); };


As you see, it collects syslog from any IP address.

Cheers.
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq