Bazsi; I've just compiled eventlog and syslog-ng latest and am unable to find any mention in either sample syslog-ng.conf files, nor in any documentation. How would I go about setting up "LinkSys" style timestamps for a particular host only, leaving others alone, say based on it's IP address? Many thanks, .vp From: wiskbroom@hotmail.com To: syslog-ng@lists.balabit.hu Date: Thu, 17 Jan 2008 07:43:41 -0500 Subject: Re: [syslog-ng] Date and Host in Syslog Format Need Swapping Baz; Thank you, I hadn't a good reason, until now, to upgrade. I will try that and see. All the best, .vp
From: bazsi@balabit.hu To: syslog-ng@lists.balabit.hu Date: Thu, 17 Jan 2008 10:23:34 +0100 Subject: Re: [syslog-ng] Date and Host in Syslog Format Need Swapping
On Wed, 2008-01-16 at 18:35 -0800, infosec@gmail.com wrote:
From: <wiskbroom@hotmail.com> Subj: [syslog-ng] Date and Host in Syslog Format Need Swapping Date: Wed Jan 16, 2008 12:46 pm Size: 440 bytes To: Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu>
Hello:
I have an appliance that I've configured to send logs to syslog, but it is sending to a file named 2008.log instead of $FULLHOST.log
None of the other logs that I am getting contain the year, but for some reason, this one is. Below is a sample of the log itself.
Jan 16 15:31:06 2008 [192.168.100.1]
Is it possible to ignore the YEAR and make output go to $FULLHOST.log ?
Thank you,
at least syslog-ng 2.0.7 can process timestamps like this. It was integrated as "LinkSys" style timestamps.
-- Bazsi