hello,
i have changed my config as you told me to do:
destination local7 {
file("/var/log/syslog-ng/$SOURCEIP/local7.log"
sync(0) log_fifo_size(10) create_dirs(yes)
owner(root) group(system) perm(0660) dir_perm(0770));
};
but i have still the same problem!
the message: "Jul 17 02:19:19 %STATIC-W-GWAYNOTREACH,/10.146.18.5 Gateway 172.28.3.126 is not reachable."
is stored in "/var/log/syslog-ng/%STATIC-W-GWAYNOTREACH,/local7.log" and not in "/var/log/syslog-ng/10.146.18.5/local7.log" !!!
i hope you can help me once more
manfred bürger
-----Ursprüngliche Nachricht-----
Von: Balazs Scheidler [mailto:bazsi@balabit.hu]
Gesendet: Dienstag, 16. Juli 2002 10:21
An: syslog-ng@lists.balabit.hu
Betreff: Re: [syslog-ng]logfile save problem (again ;)
On Tue, Jul 16, 2002 at 09:48:45AM +0200, Buerger, Manfred wrote:
> hello,
>
> I have allready posted my syslog-ng problem to this mailinglist on friday;
> now, I hope I can make things more clear:
>
> I am using Suse8.0 with syslog-ng to monitor enterasys ans cabletron network
> equipment (switches, routers.... ); and have some problems with the
> configuration:
>
> in my syslog-ng.conf:
>
> destination local7 {
> file("/var/log/syslog-ng/$HOST/local7.log"
> sync(0) log_fifo_size(10) create_dirs(yes)
> owner(root) group(system) perm(0660) dir_perm(0770));
> };
>
> because of this configuration a system message like:
> "Jul 15 13:56:28 %STP-I-PORT_STATUS,/10.146.12.16 Port status change
> detected: et.3.6 - Port Up"
> should be stored in "/var/log/syslog-ng/10.146.12.16/local7.log"
> but it´s stored in: "/var/log/syslog-ng/%STP-I-PORT_STATUS,/local7.log".
destination local7 {
file("/var/log/syslog-ng/$SOURCEIP/local7.log"
sync(0) log_fifo_size(10) create_dirs(yes)
owner(root) group(system) perm(0660) dir_perm(0770));
};
here's the list of macros you can use:
{ "FACILITY", M_FACILITY },
{ "PRIORITY", M_LEVEL },
{ "LEVEL", M_LEVEL },
{ "TAG", M_TAG },
{ "DATE", M_DATE },
{ "FULLDATE", M_FULLDATE },
{ "ISODATE", M_ISODATE },
{ "YEAR", M_YEAR },
{ "MONTH", M_MONTH },
{ "DAY", M_DAY },
{ "HOUR", M_HOUR },
{ "MIN", M_MIN },
{ "SEC", M_SEC },
{ "WEEKDAY", M_WEEKDAY },
{ "UNIXTIME", M_UNIXTIME },
{ "R_DATE", M_DATE_RECVD },
{ "R_FULLDATE", M_FULLDATE_RECVD },
{ "R_ISODATE", M_ISODATE_RECVD },
{ "R_YEAR", M_YEAR_RECVD },
{ "R_MONTH", M_MONTH_RECVD },
{ "R_DAY", M_DAY_RECVD },
{ "R_HOUR", M_HOUR_RECVD },
{ "R_MIN", M_MIN_RECVD },
{ "R_SEC", M_SEC_RECVD },
{ "R_WEEKDAY", M_WEEKDAY_RECVD },
{ "R_UNIXTIME", M_UNIXTIME_RECVD },
{ "S_DATE", M_DATE_STAMP },
{ "S_FULLDATE", M_FULLDATE_STAMP },
{ "S_ISODATE", M_ISODATE_STAMP },
{ "S_YEAR", M_YEAR_STAMP },
{ "S_MONTH", M_MONTH_STAMP },
{ "S_DAY", M_DAY_STAMP },
{ "S_HOUR", M_HOUR_STAMP },
{ "S_MIN", M_MIN_STAMP },
{ "S_SEC", M_SEC_STAMP },
{ "S_WEEKDAY", M_WEEKDAY_STAMP },
{ "S_UNIXTIME", M_UNIXTIME_STAMP },
{ "HOST_FROM", M_HOST_FROM },
{ "FULLHOST_FROM", M_FULLHOST_FROM },
{ "HOST", M_HOST },
{ "FULLHOST", M_FULLHOST },
{ "PROGRAM", M_PROGRAM },
{ "MSG", M_MESSAGE },
{ "MESSAGE", M_MESSAGE },
{ "SOURCEIP", M_SOURCE_IP }
you might also use HOST_FROM or FULLHOST_FROM if you want hostnames instead
of IPs (though it requires use_dns(yes))
--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
_______________________________________________
syslog-ng maillist - syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html