I have been testing both nsyslog and syslog-ng recently (after discovering syslog-ng is based on nsyslog). One thing I have noticed while testing syslog-ng 1.4.4, is that it doesn't appear to allow filters such as:
filter myfilter { facility(auth); host(system); };
which were valid in nsyslog.
syslog-ng uses a boolean expression in filter statements like this: filter myfilter { facility(auth) and host(system); };
In addition, nsyslog appeared to support reverse lookups of the source ip, to resolve into fqdn.
try the use-fqdn(yes) option in options(). options { use-fqdn(yes); };
So a message received by nsyslog from host "blah1" would appear in logs as "blah1.mydomain.com". Whereas in syslog-ng it would appear as "blah1" OR with the long_hostnames(yes) option, would log the hostname as "blah1/blah1".
Questions: 1. Is it possible to specify multiple criteria per filter? 2. Is it possible to enable reverse lookups and log hostname in fqdn?
see above. -- Bazsi PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1 url: http://www.balabit.hu/pgpkey.txt