Hi everybody,
I set up a syslog server in order to monitor routers and firewalls. I use this command: logging facility local0 ..................... logging facility local7
so I can only have 8 devices, and each device sends syslog messages to the same log file on my server. Only EIGHT devices?
This was one of the problems with the 'old' syslogd implementation being dependent on PRIORITY.FACILITY for its configuration. With syslog-ng, you can have each host log to a different file by using the host("blah"); directive in filters, or automatically generated placement names. An example config snippet for manual configuration would be:

    # listen for syslog over UDP on the server's address
    source net { udp(ip(65.192.8.14) port(514)); };

    # one file per device class
    destination routers_d { file("/var/log/routers.log"); };
    destination firewall_d { file("/var/log/firewall.log"); };

    # match on the sending host
    filter routers { host(x.x.x.x) or host(x.x.x.x); };
    filter firewall { host(x.x.x.x); };

    log { source(net); filter(routers); destination(routers_d); };
    log { source(net); filter(firewall); destination(firewall_d); };

Or another (easier to work with) option, to have things automatically assigned, would be to set up a destination like:

    source net { udp(ip(65.192.8.14) port(514)); };

    # $HOST expands to the sending host, giving one directory per device
    destination auto_d { file("/var/log/$HOST/syslog"); };

    log { source(net); destination(auto_d); };

Cheers!

--
A.L.Lambert
------------------------------------------------------------------------
The problems that exist in the world today cannot be solved by the level
of thinking that created them... -Einstein
------------------------------------------------------------------------
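
A variant of the automatic per-host destination from the reply above, with the global options that decide what ends up in $HOST and therefore in the file path. This is an added example, not part of the original post; the option values and file permissions are assumptions to adapt.

```conf
# Added example: per-host files keyed on $HOST, with the hostname pinned to
# the sender's source address instead of text carried inside the packet.
options {
    keep_hostname(no);    # ignore the hostname field inside the message
    use_dns(no);          # $HOST becomes the sender's IP, no DNS lookups
    chain_hostnames(no);  # no relay chains inside $HOST
    create_dirs(yes);     # create /var/log/<host>/ on the first message
};

source net { udp(ip(65.192.8.14) port(514)); };

destination auto_d {
    file("/var/log/$HOST/syslog"
         dir_perm(0750) perm(0640));   # assumed permissions
};

log { source(net); destination(auto_d); };
```

With these settings the directories are named after source IP addresses; setting use_dns(yes) gives names instead, at the cost of making the path depend on DNS answers.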