set up your source:
source src { unix-stream("/dev/log"); internal(); udp(ip(0.0.0.0) port (514)); };

set up a simple filter:
filter f_syslog { not facility(auth, authpriv) and not facility(mail) ; };

and set up the destination file to be a new file for each new host:
destination syslog { file("/var/log/HOSTS/$HOST"); };

and don't forget the log statement:
log { source(src); filter(f_syslog); destination(syslog); };


chris


On 9/7/05, Joost greene <joost.greene@gmail.com> wrote:
Hello,

I have different sets of devices, dslams, nas, core routers, customer routers,...

I want to syslog them all. I want to make each device log to a file separately to ease it up for NOC. Someone suggested syslog-ng; frankly, I got quickly lost in its docs, the syntax isn't clear. How can I just easily specify to let it log per source into different files?

Regards,
Joost

_______________________________________________
syslog-ng maillist  -  syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
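
A variant of the configuration in the reply above, added here as an example and not part of the original thread. The file name is built from $HOST, and over UDP the hostname field inside a syslog packet is written by the sender, so this version tells syslog-ng to overwrite that field with the address the message arrived from. The option values, permissions and the choice to skip DNS are assumptions about the deployment.

```conf
# Added example, same syntax as the reply above. Values marked "assumed"
# are site choices, not something stated in the thread.
options {
    keep_hostname(no);   # rewrite the hostname field with the sender's address,
                         # so $HOST is not taken from the packet contents
    use_dns(no);         # assumed: name files by sender IP, no lookup per message
    create_dirs(yes);    # create /var/log/HOSTS if it does not exist yet
    dir_perm(0750);      # assumed: directory readable by owner and group only
    perm(0640);          # assumed: log files readable by owner and group only
};

source src {
    unix-stream("/dev/log");
    internal();
    udp(ip(0.0.0.0) port(514));
};

# Everything except auth, authpriv and mail, as in the reply.
filter f_syslog { not facility(auth, authpriv) and not facility(mail); };

# One file per sending device, named after the rewritten $HOST.
destination syslog { file("/var/log/HOSTS/$HOST"); };

log { source(src); filter(f_syslog); destination(syslog); };
```

With use_dns(no) the files are named by IP address (for example /var/log/HOSTS/192.0.2.10, a constructed address); setting use_dns(yes) names them by the resolved hostname instead.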