On Thu, 13 Dec 2007 13:49:52 PST, Chuck said:
I used this product a long time ago and it looks like it's come a long way. I had one question - I want to deploy syslog-ng on my syslog box and then have all my other servers send standard syslog messages to it remotely (my environment is a mix of rhel 4, rhel 5, solaris 10, and sles 9). Can syslog-ng parse the standard syslog messages and route them to individual files per server w/o adding syslog-ng itself to the client systems?
Here's what I use:

    destination d_mesg { file("/logs/$HOST/$YEAR/$MONTH/messages-$YEAR-$MONTH$DAY"); };

$HOST gives me a directory per source, and the others give me automagic log rotation without needing a cron job. I'm currently catching from a large number of sources - Solaris 8 through 10, AIX, NetApp's OnTap, Linux (several distros), and even a few HP printers. It doesn't even need to be "standard" syslogd - all it needs for $HOST to work is the source IP address (and maybe a PTR entry in the DNS if you want it to log to readable hostnames rather than IP addresses).
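
A full server-side configuration around the destination above, as an added example that is not part of the original post. The source name s_net, the UDP listener on port 514 and the permission values are assumptions; the options are chosen so that $HOST, which becomes a directory name, is taken from the sender's address or PTR record and not from the hostname field inside the message.

```conf
# Added example; only d_mesg comes from the post above.
# Recent syslog-ng releases also expect an "@version:" line at the top
# of the file (value depends on the installed release, so it is omitted).

options {
    # $HOST/$YEAR/$MONTH directories do not exist in advance.
    create_dirs(yes);
    dir_perm(0750);        # assumed permissions for created directories
    perm(0640);            # assumed permissions for created log files

    # Ignore the hostname the client wrote into the message and use the
    # address the packet came from. With keep_hostname(yes) the directory
    # name would be whatever string the sender chose to put in the header.
    keep_hostname(no);

    # Keep $HOST a single name rather than a relay chain.
    chain_hostnames(no);

    # Resolve the source address through its PTR record so directories get
    # readable names. With use_dns(no) the directory is the IP address.
    use_dns(yes);
    dns_cache(yes);
};

# Plain syslog over UDP, which is what stock syslogd on the RHEL, SLES
# and Solaris clients sends when pointed at a remote loghost.
source s_net {
    udp(ip(0.0.0.0) port(514));
};

# Destination exactly as given in the post.
destination d_mesg {
    file("/logs/$HOST/$YEAR/$MONTH/messages-$YEAR-$MONTH$DAY");
};

log {
    source(s_net);
    destination(d_mesg);
};
```

On the clients nothing changes beyond the usual remote-loghost line in syslog.conf, for example `*.info @loghost` where loghost is a placeholder for the server's name.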