destination d_file { file("/var/log/${HOST}/${PROGRAM}.log"); };
I'm having some conniptions doing central logging using syslog-ng. Here is the scenario:
- I generate logs using syslog-ng on local servers and then send them to a log-destination server. Here is an example of some of the conf files on the generating server:
more iptables.log.conf
source s_var_log_iptables.log { file("/var/log/iptables.log" program-override(var_log_iptables.log) flags(no-parse)); };
log { source(s_var_log_iptables.log); destination(d_midfin_logger_2) ; };
more midfin_logger_2.conf
template t_sdx_tagged {
template("$ISODATE $HOST $PROGRAM $MSG
");
template_escape(no);
};
destination d_midfin_logger_2 { tcp( "10.4.16.161" port(514) template(t_sdx_tagged)); };
What I am trying to do on the log host is to:
I've been unable to grok the documentation to figure out quite how to do this and would really appreciate some help.
- Segregate at the top level by host. For each such host:
- Split the logs into different directories so that for example, I'll have one directory for the audit log from that host, another for iptables etc - so that under each host I'll have /var/log/iptables.log etc.
thanks
vk
==
____________________________________________________________ __________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/? product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq