On Thu, 19 Jul 2007 22:52:46 +0200, Balazs Scheidler said:
> On Thu, 2007-07-19 at 21:54 +0300, Ahmad Al-Dosari wrote:
> > Hi All,
> > Can someone tell me how to log from different hosts to a single file?
> > I have several firewalls/routers/CSS and would like to have a single file for firewall logs and another for router logs and the same for CSS. All of the devices' logs are sent using UDP port 514.
> > I use syslog-ng 2.0.4 and currently all logs are sent to a single file.
>
> Lots of options, the easiest is using $HOST in the destination file name.

I think he wants this:

Logs from cisco1, cisco2, cisco3 all go in /var/log/routers
Logs from fw-1, fw-2, some-other-firewall go in /var/log/firewalls

and so on.

If he has a naming convention for his network gear, he *might* be able to do what he wants based on a regexp that *matches* the source hostname.

    f_filter { match($HOST,"cisco*");}

and then use *that* to filter into /var/log/routers, or something like that (I'm late for the door already, somebody else can fix the syntax...)
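
The per-device-class split discussed in this thread, written out as a syslog-ng 2.0.x configuration. This is an added example, not part of the original messages. The "css" hostname prefix, the /var/log/css and /var/log/network-unsorted paths, and the 192.0.2.10 address for some-other-firewall are assumptions chosen for illustration.

```conf
# Added example for syslog-ng 2.0.x; not taken from the thread.
options {
    keep_hostname(no);    # do not trust the hostname written inside the packet
    chain_hostnames(no);  # keep $HOST a plain name so the ^ anchors below work
    use_dns(yes);         # $HOST comes from reverse DNS of the sender address;
                          # if the lookup fails, $HOST is the IP address
};

# All devices send to UDP port 514, as described in the question.
source s_net { udp(ip(0.0.0.0) port(514)); };

# One filter per device class, matching the hostname by regexp.
filter f_routers { host("^cisco[0-9]+"); };

# some-other-firewall does not follow the fw-N convention, so it is
# matched by sender address instead (192.0.2.10 is a constructed value).
filter f_firewalls {
    host("^fw-[0-9]+") or netmask("192.0.2.10/255.255.255.255");
};

# Assumption: the CSS devices have hostnames starting with "css".
filter f_css { host("^css"); };

destination d_routers   { file("/var/log/routers"); };
destination d_firewalls { file("/var/log/firewalls"); };
destination d_css       { file("/var/log/css"); };
destination d_unsorted  { file("/var/log/network-unsorted"); };

# flags(final) stops processing once a message has matched a class.
log { source(s_net); filter(f_routers);   destination(d_routers);   flags(final); };
log { source(s_net); filter(f_firewalls); destination(d_firewalls); flags(final); };
log { source(s_net); filter(f_css);       destination(d_css);       flags(final); };

# Anything that matched no class lands here instead of being dropped,
# so a renamed or unexpected sender is visible.
log { source(s_net); destination(d_unsorted); flags(fallback); };
```

UDP syslog carries no sender authentication, so both the hostname and the source address are only as trustworthy as the network path between the devices and the log host.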