Central netlog server for hosts behind NAT
I am not sure I understand your use case and question.

$HOST is populated based on the host field within the message, and senders are free to set that to whatever they please. If that field is missing (which it might be), syslog-ng fills it in based on the sender IP address. There are alternative macros (such as $SOURCEIP), which is the actual IP of the datagram received by syslog-ng. But you can also play with $HOST-related syslog-ng options such as keep-hostname().

Could you try to rephrase your question?

Thanks,
Bazsi

--
Bazsi

On Wed, Jul 27, 2016 at 6:20 PM, Hollósi Botond <bhollosi@opennet.hu> wrote:
Hi,
We would like to monitor all hosts that are behind different NATs.
The main goal is that every host's log (coming over the NAT) goes to a separate log file. So every log file will contain only one host's log messages.
The idea is to separate the log messages based on IP packet parameters: 'date' and 'source Public IP address (NAT address)' and 'destination UDP port'.
Problem: it seems the hosts' log messages are mixed with each other in the final log files.
For example, this: /var/log/remote_log/07/27/37.220.128.16/100/local0.log and this: /var/log/remote_log/07/27/89.135.48.161/100/local0.log also contain messages coming from the host 100 behind the IP 94.21.180.56 (it is sure because some rows from the log contain the host identifier, but sadly not all rows contain it)
but only this should contain the messages, because the host is behind this public IP 94.21.180.56: /var/log/remote_log/07/27/94.21.180.56/100/local0.log
Is the config below capable of handling this purpose, or did I misconfigure something?
OS: Debian 8 latest 3.2.0-4-amd64 #1 SMP Debian 3.2.81-1 x86_64 GNU/Linux
Version: syslog-ng installed with apt-get install from the http://httpredir.debian.org/debian repo, version syslog-ng-core 3.5.6-2+b1
The installed config is untouched, but I made an additional config file, /etc/syslog-ng/conf.d/remote.conf, with this content.
source s_net_0 { network(ip(0.0.0.0) port(600) transport(udp)); };
source s_net_1 { network(ip(0.0.0.0) port(601) transport(udp)); };
source s_net_2 { network(ip(0.0.0.0) port(602) transport(udp)); };
source s_net_3 { network(ip(0.0.0.0) port(603) transport(udp)); };
source s_net_4 { network(ip(0.0.0.0) port(604) transport(udp)); };
source s_net_5 { network(ip(0.0.0.0) port(605) transport(udp)); };
source s_net_6 { network(ip(0.0.0.0) port(606) transport(udp)); };
source s_net_7 { network(ip(0.0.0.0) port(607) transport(udp)); };
source s_net_8 { network(ip(0.0.0.0) port(608) transport(udp)); };
source s_net_9 { network(ip(0.0.0.0) port(609) transport(udp)); };
source s_net_10 { network(ip(0.0.0.0) port(610) transport(udp)); };
source s_net_11 { network(ip(0.0.0.0) port(611) transport(udp)); };
source s_net_12 { network(ip(0.0.0.0) port(612) transport(udp)); };
source s_net_13 { network(ip(0.0.0.0) port(613) transport(udp)); };
source s_net_14 { network(ip(0.0.0.0) port(614) transport(udp)); };
source s_net_15 { network(ip(0.0.0.0) port(615) transport(udp)); };
source s_net_16 { network(ip(0.0.0.0) port(616) transport(udp)); };
source s_net_17 { network(ip(0.0.0.0) port(617) transport(udp)); };
source s_net_18 { network(ip(0.0.0.0) port(618) transport(udp)); };
source s_net_19 { network(ip(0.0.0.0) port(619) transport(udp)); };
source s_net_20 { network(ip(0.0.0.0) port(620) transport(udp)); };
source s_net_21 { network(ip(0.0.0.0) port(621) transport(udp)); };
source s_net_22 { network(ip(0.0.0.0) port(622) transport(udp)); };
source s_net_23 { network(ip(0.0.0.0) port(623) transport(udp)); };

destination d_file_0 { file("/var/log/remote_log/$R_MONTH/$R_DAY/$HOST/100/$FACILITY.log" owner(root) group(root) create-dirs(yes) perm(0700) dir-perm(0700)); };
destination d_file_1 { file("/var/log/remote_log/$R_MONTH/$R_DAY/$HOST/101/$FACILITY.log" owner(root) group(root) create-dirs(yes) perm(0700) dir-perm(0700)); };
destination d_file_2 { file("/var/log/remote_log/$R_MONTH/$R_DAY/$HOST/102/$FACILITY.log" owner(root) group(root) create-dirs(yes) perm(0700) dir-perm(0700)); };
destination d_file_3 { file("/var/log/remote_log/$R_MONTH/$R_DAY/$HOST/103/$FACILITY.log" owner(root) group(root) create-dirs(yes) perm(0700) dir-perm(0700)); };
destination d_file_4 { file("/var/log/remote_log/$R_MONTH/$R_DAY/$HOST/104/$FACILITY.log" owner(root) group(root) create-dirs(yes) perm(0700) dir-perm(0700)); };
destination d_file_5 { file("/var/log/remote_log/$R_MONTH/$R_DAY/$HOST/105/$FACILITY.log" owner(root) group(root) create-dirs(yes) perm(0700) dir-perm(0700)); };
destination d_file_6 { file("/var/log/remote_log/$R_MONTH/$R_DAY/$HOST/106/$FACILITY.log" owner(root) group(root) create-dirs(yes) perm(0700) dir-perm(0700)); };
destination d_file_7 { file("/var/log/remote_log/$R_MONTH/$R_DAY/$HOST/107/$FACILITY.log" owner(root) group(root) create-dirs(yes) perm(0700) dir-perm(0700)); };
destination d_file_8 { file("/var/log/remote_log/$R_MONTH/$R_DAY/$HOST/108/$FACILITY.log" owner(root) group(root) create-dirs(yes) perm(0700) dir-perm(0700)); };
destination d_file_9 { file("/var/log/remote_log/$R_MONTH/$R_DAY/$HOST/109/$FACILITY.log" owner(root) group(root) create-dirs(yes) perm(0700) dir-perm(0700)); };
destination d_file_10 { file("/var/log/remote_log/$R_MONTH/$R_DAY/$HOST/110/$FACILITY.log" owner(root) group(root) create-dirs(yes) perm(0700) dir-perm(0700)); };
destination d_file_11 { file("/var/log/remote_log/$R_MONTH/$R_DAY/$HOST/111/$FACILITY.log" owner(root) group(root) create-dirs(yes) perm(0700) dir-perm(0700)); };
destination d_file_12 { file("/var/log/remote_log/$R_MONTH/$R_DAY/$HOST/112/$FACILITY.log" owner(root) group(root) create-dirs(yes) perm(0700) dir-perm(0700)); };
destination d_file_13 { file("/var/log/remote_log/$R_MONTH/$R_DAY/$HOST/113/$FACILITY.log" owner(root) group(root) create-dirs(yes) perm(0700) dir-perm(0700)); };
destination d_file_14 { file("/var/log/remote_log/$R_MONTH/$R_DAY/$HOST/114/$FACILITY.log" owner(root) group(root) create-dirs(yes) perm(0700) dir-perm(0700)); };
destination d_file_15 { file("/var/log/remote_log/$R_MONTH/$R_DAY/$HOST/115/$FACILITY.log" owner(root) group(root) create-dirs(yes) perm(0700) dir-perm(0700)); };
destination d_file_16 { file("/var/log/remote_log/$R_MONTH/$R_DAY/$HOST/116/$FACILITY.log" owner(root) group(root) create-dirs(yes) perm(0700) dir-perm(0700)); };
destination d_file_17 { file("/var/log/remote_log/$R_MONTH/$R_DAY/$HOST/117/$FACILITY.log" owner(root) group(root) create-dirs(yes) perm(0700) dir-perm(0700)); };
destination d_file_18 { file("/var/log/remote_log/$R_MONTH/$R_DAY/$HOST/118/$FACILITY.log" owner(root) group(root) create-dirs(yes) perm(0700) dir-perm(0700)); };
destination d_file_19 { file("/var/log/remote_log/$R_MONTH/$R_DAY/$HOST/119/$FACILITY.log" owner(root) group(root) create-dirs(yes) perm(0700) dir-perm(0700)); };
destination d_file_20 { file("/var/log/remote_log/$R_MONTH/$R_DAY/$HOST/120/$FACILITY.log" owner(root) group(root) create-dirs(yes) perm(0700) dir-perm(0700)); };
destination d_file_21 { file("/var/log/remote_log/$R_MONTH/$R_DAY/$HOST/121/$FACILITY.log" owner(root) group(root) create-dirs(yes) perm(0700) dir-perm(0700)); };
destination d_file_22 { file("/var/log/remote_log/$R_MONTH/$R_DAY/$HOST/122/$FACILITY.log" owner(root) group(root) create-dirs(yes) perm(0700) dir-perm(0700)); };
destination d_file_23 { file("/var/log/remote_log/$R_MONTH/$R_DAY/$HOST/123/$FACILITY.log" owner(root) group(root) create-dirs(yes) perm(0700) dir-perm(0700)); };

log { source(s_net_0); destination(d_file_0); };
log { source(s_net_1); destination(d_file_1); };
log { source(s_net_2); destination(d_file_2); };
log { source(s_net_3); destination(d_file_3); };
log { source(s_net_4); destination(d_file_4); };
log { source(s_net_5); destination(d_file_5); };
log { source(s_net_6); destination(d_file_6); };
log { source(s_net_7); destination(d_file_7); };
log { source(s_net_8); destination(d_file_8); };
log { source(s_net_9); destination(d_file_9); };
log { source(s_net_10); destination(d_file_10); };
log { source(s_net_11); destination(d_file_11); };
log { source(s_net_12); destination(d_file_12); };
log { source(s_net_13); destination(d_file_13); };
log { source(s_net_14); destination(d_file_14); };
log { source(s_net_15); destination(d_file_15); };
log { source(s_net_16); destination(d_file_16); };
log { source(s_net_17); destination(d_file_17); };
log { source(s_net_18); destination(d_file_18); };
log { source(s_net_19); destination(d_file_19); };
log { source(s_net_20); destination(d_file_20); };
log { source(s_net_21); destination(d_file_21); };
log { source(s_net_22); destination(d_file_22); };
log { source(s_net_23); destination(d_file_23); };
--
Best regards:
Hollósi Botond
Opennetworks Kft.
Tel.: 06-1-9996000
Mobile: 06-20-4362032
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq
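
A simplified model of the behaviour described in the reply above, added here as an example (not code from either poster and not syslog-ng's own parser): it routes constructed UDP datagrams into the posted file() path layout, once keyed on the message's host field and once on the datagram's sender address, and reports which files end up holding messages from more than one sender. The sender addresses, the host name "gw", and the function names are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# Simplified BSD-syslog header: <PRI>Mmm dd hh:mm:ss HOST rest-of-message
HEADER = re.compile(r"<(\d{1,3})>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d (\S+) ")
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              *(f"local{i}" for i in range(8))]

def parse(datagram, sender_ip):
    """Return the fields the file() template needs for one UDP datagram."""
    text = datagram.decode("utf-8", "replace")
    m = HEADER.match(text)
    if m:
        pri, host = int(m.group(1)), m.group(2)   # host value chosen by the sender
    else:
        bare = re.match(r"<(\d{1,3})>", text)
        pri = int(bare.group(1)) if bare else 13  # 13 = user.notice when no PRI
        host = sender_ip                          # fallback described in the reply
    return {"HOST": host, "SOURCEIP": sender_ip,
            "FACILITY": FACILITIES[min(pri >> 3, 23)]}

def route(datagrams, key, port_dir="100", month="07", day="27"):
    """Map each output file to the set of sender IPs whose messages land in it."""
    files = defaultdict(set)
    for sender_ip, payload in datagrams:
        rec = parse(payload, sender_ip)
        path = (f"/var/log/remote_log/{month}/{day}/{rec[key]}/"
                f"{port_dir}/{rec['FACILITY']}.log")
        files[path].add(sender_ip)
    return dict(files)

def mixed(files):
    """Files that received messages from more than one sender address."""
    return sorted(p for p, senders in files.items() if len(senders) > 1)

# Constructed datagrams, all sent to port 600 (directory "100" in the posted config).
SAMPLES = [
    ("192.0.2.10",    b"<134>Jul 27 18:20:01 gw app[411]: link up"),
    ("198.51.100.20", b"<134>Jul 27 18:20:02 gw app[977]: link down"),
    ("203.0.113.30",  b"<134>raw message without a header"),
]

if __name__ == "__main__":
    for key in ("HOST", "SOURCEIP"):
        files = route(SAMPLES, key)
        print(key, "->", len(files), "files; mixed:", mixed(files))
```

Keyed on HOST, the two senders that both claim the name "gw" share one file; keyed on SOURCEIP, every file maps to exactly one sender address.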
participants (2)
-
Hollósi Botond
-
Scheidler, Balázs