On nate campin site, he has this syntax: destination hosts { file("/var/log/HOSTS/$HOST/$YEAR/$MONTH/$DAY/$FACILITY$YEAR$MONTH$DAY" owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)); }; log { source(src); destination(hosts); }; How does this identify which host is which? Thanks, Mark Nate Campi wrote:
On Thu, May 11, 2006 at 06:54:16PM -0400, Mark R. White wrote:
I want to setup a syslog-ng server to do syslogging for my network. So far it's easy, the part I'm having trouble with, and I'm not even sure if it's possible, is I want to log by device to it's own individual syslog file. Hence the reason for using syslog-ng vice sysklogd, I think the syntax would be something as follows, but I could be way off base.
Use something like this:
http://www.campin.net/newlogcheck.html#syslog-ng
I also don't understand where to define the facilities as I did in standard syslog. Any help would be greatly appreciated. One other quick question, when I do a default install of syslog-ng (on Debian Etch), it automatically logs to the tty. Is this correct for all versions, and whether it is or it's not, how do I stop it?
Comment out the sources and destinations that mention console or tty (names like xconsole and du_all I think). I get dropped messages stats lines when I keep that default debian console/tty stuff enabled.
Not logging to consoles or tty's speeds things up, see: