Shouldn't it befilter f_colo_sj { host("^sj1*"); };
filter f_colo_du { host("^du1*"); };
filter f_colo_da { host("^da1*"); };Sagar--On Wed, Aug 22, 2012 at 2:55 PM, Gergely Nagy <algernon@balabit.hu> wrote:Yep, it is.sagar naravane <sagar.naravane@gmail.com> writes:
> I am a newbie to syslog-ng solution. I am trying to create a common config
> file to be distributed across client machines in San Jose, Dallas and
> Dublin colos. Every colo has 1 dedicated relay which forwards log data to a
> central server
>
> (SJ|DU|DA)_ client --> (SJ|DU|DA)_ relay --> SYSLOG-NG server
>
> the clients located in these colos have sj,du & da in their hostnames eg
> da1xxx058, du1xxx059, sj1xxx060. I want to setup the config in a way that
> based on hostname the config decides what relay to connect to.
>
> Is this possible ?
One way to do it is to use filters: you set up a filter that matches
each colo, and set up your destinations so that each message that
matches a given colo filter, goes to the appropriate relay.
Something along these lines:
filter f_colo_sj { host("^sj"); };
filter f_colo_du { host("^du"); };
filter f_colo_da { host("^da"); };
destination d_relay_sj { ... };
...
log {
source(s_local);
filter(f_colo_sj);
destination(d_relay_sh);
flags(final);
};
log {
source(s_local);
filter(f_colo_du);
destination(d_relay_du);
flags(final);
};
...and so on and so forth. The disadvantage here is that you need a
filter and a destination for each relay, but with only 3 relays, that's
bearable.
--
|8]
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq
Regards,
Sagar Naravane