Try HOST_FROM instead of HOST.

Possibly also try no-parse.

Jim

On Fri, Jul 27, 2018, 5:55 AM <freebsd@tango.lu> wrote:
Hello,
I have a syslog server setup which works quite well for most of the hosts:
destination d_net_debug { file("/var/log/$HOST/debug"); };
destination d_net_error { file("/var/log/$HOST/error"); };
This way I don't have to define every host which logs there but they will be autocreated.
I have a quite misbehaving Asus router device however which keeps sending strings like:
FTP WAN(11) WAN(8) WAN(3)
as the host, therefore syslog-ng interprets these messages as if they were coming from different $HOSTs and keeps creating directories for them.
2018-07-22T20:45:59+02:00 WAN Connection: Wan link down.
2018-07-24T16:12:20+02:00 WAN Connection: Wan link down.
2018-07-22T20:45:59+02:00 WAN Connection: Wan link down.
2018-07-24T16:12:20+02:00 WAN Connection: Wan link down.
How do I force all the logs into one logfile for this one specific host? If possible I don't want to change my current rules just extend them.
Thank you.
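
One way to extend the rules above without changing them, shown as an added example that is not from either poster: match the router by its source address, write everything it sends to one file, and stop further processing so the `$HOST`-based destinations never see its messages. The source name `s_net`, the filter and destination names, the file path and the address 192.0.2.1 are placeholders. Because `$HOST` is taken from the message itself, any sender can choose the directory name it is logged under; `$HOST_FROM` is set by syslog-ng from the peer that delivered the message.

```conf
# Added example; names, path and address are placeholders, not from the thread.

# Match on the packet's source address, not on the hostname
# field the router puts in the message.
filter f_asus_router { netmask("192.0.2.1/32"); };

# One fixed file for everything the router sends.
destination d_asus_router {
    file("/var/log/asus-router/all.log" create-dirs(yes));
};

# Place this log path BEFORE the existing $HOST-based log paths.
# flags(final) ends processing for matching messages, so the
# later log statements never see them and no WAN/, FTP/ ...
# directories are created.
log {
    source(s_net);
    filter(f_asus_router);
    destination(d_asus_router);
    flags(final);
};

# Alternative from the reply: build the path from the peer
# rather than from the hostname field (this edits the existing rule):
# destination d_net_debug { file("/var/log/$HOST_FROM/debug"); };
```

Check the result with `syslog-ng --syntax-only` before reloading.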