On Tue, 2009-11-03 at 09:36 -0600, Matt Zagrabelny wrote:
On Tue, 2009-11-03 at 15:27 +0000, Christopher Barry wrote:
Hi All,
Looking for good config example that: sets up syslog-ng as the central log server catching standard remote syslog hosts logs, placing them in hostname dirs, with all of the remotes hosts logfiles intact in the hostname dirs. Creating 'date' dirs above the hostname dirs would be sweet too.
source s_remote { udp(); };
destination df_catch_all { file("/storage/syslog/hosts/$HOST/$YEAR/$MONTH/$DAY/$FACILITY" owner(root) group(root) perm(0644) dir_perm(0755) create_dirs(yes) ); };
log { source(s_remote); destination(df_catch_all); };
This creates the date directories below the hostnames. (This is not a full config file, just a partial.)
Cheers,
Thanks Matt. I see the key is the destination definition and the final targeting of it. Much thanks for a clear answer. -C