Hi,

What would an example message look like?

2018-07-24T16:12:20+02:00 WAN(11) Connection: Wan link down.

What kind of source driver do you use in your configuration?

I have one idea only:
- don't use HOST field, but HOST_FROM if the separate messages are coming from different hosts and not from a relay.

I see it is similar to Fabien's.

Regards,
Gabor

On Fri, Jul 27, 2018 at 1:03 PM Fabien Wernli <wernli@in2p3.fr> wrote:
Hi,
On Fri, Jul 27, 2018 at 11:55:42AM +0200, freebsd@tango.lu wrote:
How do I force all the logs into one logfile for this one specific host? If possible I don't want to change my current rules just extend them.
You could use the SOURCEIP macro or the netmask filter. There are multiple ways to achieve what you ask, many depending on the syslog-ng version you use and on your config. The most compatible way to do it is probably using a separate log path:
    log {
        source(s_syslog);
        filter { netmask(10.0.0.1/32); };
        destination(d_net_some_host);
        flags(final);
    };
Notice the "final" flag which makes sure the message won't make it to other log paths.
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq
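Added example, not part of the original thread: the log path suggested above placed in a complete configuration fragment, showing where it has to sit relative to existing rules. The definitions of s_syslog and d_net_some_host, the d_existing destination, the file paths and the listening port are assumptions made for illustration.

```conf
# Constructed example. Only the first log path comes from the thread;
# every source and destination definition here is an assumption.
source s_syslog {
    network(transport("udp") port(514));
};

# Single file for the one host (path is a placeholder).
destination d_net_some_host {
    file("/var/log/remote/some_host.log");
};

# Stand-in for the rules that already exist and should stay unchanged.
destination d_existing {
    file("/var/log/remote/${HOST}/messages.log" create-dirs(yes));
};

# This path must be declared BEFORE the existing ones: flags(final) only
# stops log paths that appear later in the file from seeing the message.
# netmask() matches the IP address of the sender, so the match does not
# depend on whatever HOST value the message itself carries.
log {
    source(s_syslog);
    filter { netmask(10.0.0.1/32); };
    destination(d_net_some_host);
    flags(final);
};

# Existing rule, untouched. Messages from 10.0.0.1 never reach it.
log {
    source(s_syslog);
    destination(d_existing);
};
```

The fragment can be checked before a reload with `syslog-ng --syntax-only -f <file>`.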