Logging a file to another syslog-ng server for indexing
Sorry about the reply when I should have created a new msg. Hello all, I am trying to add a specific file for syslog to pickup and log remotely but have been unable to make it work. The file I am trying to get over to another syslog-ng server is an audit log. What has to happen is from 1 server the log file gets read/moved over to the other Log server . . .which will then be indexed by splunk. I am learning syslog-ng and am not sure exactly how to make what I am trying to do work. If anyone has any ideas or suggestions please drop me a note! Thanks cygnus_logo Corey M. Bobb System Administrator 850 South Concourse Parkway Maitland, FL 32851 Office - 321-455-2150 Cell - 407-947-7832
On 5/15/07, Corey Bobb <cbobb@cygnus.com> wrote:
What has to happen is from 1 server the log file gets read/moved over to the other Log server . . .which will then be indexed by splunk. I am learning syslog-ng and am not sure exactly how to make what I am trying to do work. Something like this? log { source(src); filter(status); destination(loghost); };
Note that you can have more than one log target for one source/filter.
Corey M. Bobb Cheers, Andrej
participants (2)
-
Andrej Ricnik-Bay
-
Corey Bobb