Gergely, Here all three log {} gets executed. What i am basically looking for is a "if..else" or "case" sort of condition where only one of client-relay communication happens based on hostname of client system. Aug 22 02:33:39 sj1slm227 syslog-ng[1166]: Syslog connection established; fd='12', server='AF_INET(10.5.81.89:514)', local='AF_INET(0.0.0.0:0)' *Aug 22 02:36:48 sj1slm227 syslog-ng[1166]: Syslog connection failed; fd='66', server='AF_INET(10.116.104.86:514)', error='Connection timed out (110)', time_reopen='60'* *Aug 22 02:36:48 sj1slm227 syslog-ng[1166]: Syslog connection failed; fd='65', server='AF_INET(10.129.104.21:514)', error='Connection timed out (110)', time_reopen='60'* On Wed, Aug 22, 2012 at 3:01 PM, sagar naravane <sagar.naravane@gmail.com>wrote:
Shouldn't it be
filter f_colo_sj { host("^sj1*"); }; filter f_colo_du { host("^du1*"); }; filter f_colo_da { host("^da1*"); };
Sagar
On Wed, Aug 22, 2012 at 2:55 PM, Gergely Nagy <algernon@balabit.hu> wrote:
sagar naravane <sagar.naravane@gmail.com> writes:
I am a newbie to syslog-ng solution. I am trying to create a common config file to be distributed across client machines in San Jose, Dallas and Dublin colos. Every colo has 1 dedicated relay which forwards log data to a central server
(SJ|DU|DA)_ client --> (SJ|DU|DA)_ relay --> SYSLOG-NG server
the clients located in these colos have sj,du & da in their hostnames eg da1xxx058, du1xxx059, sj1xxx060. I want to setup the config in a way that based on hostname the config decides what relay to connect to.
Is this possible ?
Yep, it is.
One way to do it is to use filters: you set up a filter that matches each colo, and set up your destinations so that each message that matches a given colo filter, goes to the appropriate relay.
Something along these lines:
filter f_colo_sj { host("^sj"); }; filter f_colo_du { host("^du"); }; filter f_colo_da { host("^da"); };
destination d_relay_sj { ... }; ...
log { source(s_local); filter(f_colo_sj); destination(d_relay_sh); flags(final); };
log { source(s_local); filter(f_colo_du); destination(d_relay_du); flags(final); };
...and so on and so forth. The disadvantage here is that you need a filter and a destination for each relay, but with only 3 relays, that's bearable.
-- |8]
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
-- Regards,
Sagar Naravane
-- Regards, Sagar Naravane