Hello,

I have a syslog server setup which works quite well for most of the
hosts:

destination d_net_debug {
file("/var/log/$HOST/debug"); };

destination d_net_error {
file("/var/log/$HOST/error"); };

This way I dont have to define every host which logs there but they will
be autocreated.

I have a quite misbehaving Asus router device however which keep sending
strings like:

FTP
WAN(11)
WAN(8)
WAN(3)

as host therefore syslog-ng interpret these messages like it would be
coming from different $HOSTs and keep creating directories for them.

2018-07-22T20:45:59+02:00 WAN Connection: Wan link down.
2018-07-24T16:12:20+02:00 WAN Connection: Wan link down.
2018-07-22T20:45:59+02:00 WAN Connection: Wan link down.
2018-07-24T16:12:20+02:00 WAN Connection: Wan link down.


How do I force all the logs into one logfile for this one specific host?
If possible I don't want to change my current rules just extend them.

Thank you.

______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq