Yup,I like this idea. We should really make this available as a macro, and send it via structured data. RFC5424 even has a field for this.
RobertRegards,Hi,Having the operating system available as a macro came up earlier this week in a thread on serverfault, so it might make a useful feature.On Thu, Oct 29, 2015 at 8:25 PM, Evan Rempel <erempel@uvic.ca> wrote:You could use a second interface on the syslog servers and configure the solaris servers to use this alternate IP address.
You could also use a different port.
Then you could tag the source with "solaris" and then use the tag filtering to separate those message out of the mix.
Just my $0.02
On 10/29/2015 12:22 PM, vijay amruth wrote:
Thank you fo rthe reply Balazs.
Can we use filter functions like this below ?
filter f_solaris {host('uname == solaris') }
My idea is to identify solaris servers.
Thanks all,~Vj
On Thu, Oct 29, 2015 at 12:59 AM, Balazs Scheidler <bazsi77@gmail.com> wrote:
Well, probably the only sensible way is to filter based on IP addresses.
On Oct 29, 2015 6:09 AM, "vijay amruth" <vijayamruth@gmail.com> wrote:
______________________________________________________________________________Hello All,
We are drawing logs from several hosts which include solaris(10,11) , linux (centos, ubuntu, rhel) into syslog servers, I want to be able to separate solaris logs, is there any pattern we can match for solaris logs that you may know ?
Thanks,Vijay Amrut.
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq
--
Thanks,Vijay Amrut.
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq