R: syslog-ng Digest, Vol 80, Issue 18
As you can see the device gives a valid syslog header.

Destination of Firewall in fw.log:

# tailf fw.log
Dec 13 13:58:47 192.168.1.254/192.168.1.254 Fw-Vigor2955: 149:13:59.970 lan->wan @S:R=13:1 p 192.168.1.8,19679 -> 82.200.234.214,33244 PR UDP len 20 131

Destination of Access Point .241 in ap241.log:

# tailf ap241.log
Dec 13 13:58:47 192.168.1.254/192.168.1.254 Fw-Vigor2955: 149:13:59.770 lan->wan @S:R=13:1 p 192.168.1.8,19679 -> 94.244.30.85,63708 PR UDP len 20 131

It writes the same thing!! My configuration is the following:

source udp { udp(); };
destination d_fw {
    file("/**/**/fw.log" create_dirs(yes) fsync(yes));
};
filter f_fw {
    netmask ("192.168.1.254/32"); ## try for only host
};
log { source(udp); destination(d_fw); filter(f_fw); };

Therefore, how can I do??

Thanks
Tokie

------------------------------

Date: Mon, 12 Dec 2011 19:10:30 -0500
From: Jim <jrhendri@maine.rr.com>
Subject: Re: [syslog-ng] Log only one host
To: Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu>
Message-ID: <1323735030.16055.1.camel@ubuntu>
Content-Type: text/plain; charset="UTF-8"

Couple things to note:
- not all syslogs give a valid syslog header (e.g. <date> <time> <host> <program>:<message>)
- name resolution costs cycles (may not be an issue)
- know the difference between $HOST (parsed from the syslog header) and $HOST_FROM (the origin of the packet)

Enjoy!

On Mon, 2011-12-12 at 12:05 +0100, Thomas Wollner wrote:
Hello,

to separate the destination logfiles for each host, use the following:

# one log file per host, named after the $FULLHOST macro
destination d_file_foreach_host {
    file("/var/log/$FULLHOST.log");
};
log { source(s_all); destination(d_file_foreach_host); };

hope it helps, regards,
Tom
Quoting "tokie@tiscali.it" <tokie@tiscali.it>:
Try using the netmask filter.

filter f_host_a_b_c_d {
    netmask("a.b.c.d/32");
};
Tks for reply, I tried but it doesn't work! More specific: I wish that all devices in my network, logging into a specific file on syslog server.
Now all files log all devices!!
I have the same result in different files (100.log, 101.log, and so on)
Must I use iptables's match?? How??

tks Tokie

p.s.: netmask ("a.b.c.d/32") or netmask("a.b.c.d/255.255.255.255") ???
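
Added example, not part of the thread and not syslog-ng's own parser: a simplified Python model of the distinction in Jim's note between the host name written in the syslog header and the origin of the packet, showing how the choice of key changes which per-host file a message lands in. The datagrams, the 192.168.1.241 address and the function names are constructed for illustration.

```python
import re

# Simplified BSD-syslog header: <PRI>Mmm dd hh:mm:ss HOST rest-of-message
HEADER = re.compile(
    r"^<\d{1,3}>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} (?P<host>\S+) (?P<msg>.*)$",
    re.S,
)

def classify(datagram: bytes, peer_ip: str) -> dict:
    """Return both notions of "host" for one received UDP datagram."""
    text = datagram.decode("utf-8", "replace")
    m = HEADER.match(text)
    return {
        "host_from": peer_ip,  # origin of the packet, as seen by the receiver
        # Name written in the header by the sender; if there is no valid
        # header, this model falls back to the packet origin.
        "host": m.group("host") if m else peer_ip,
        "valid_header": m is not None,
        "msg": m.group("msg") if m else text,
    }

def route(records, key):
    """Group messages into per-host file names using the chosen key."""
    files = {}
    for rec in records:
        files.setdefault(rec[key] + ".log", []).append(rec["msg"])
    return files

# Constructed samples: (datagram, source address of the UDP packet).
SAMPLES = [
    # firewall logging about itself
    (b"<134>Dec 13 13:58:47 Fw-Vigor2955 lan->wan PR UDP len 20", "192.168.1.254"),
    # access point sending a message with no date/host header
    (b"<134>ap: client associated", "192.168.1.241"),
    # message that names the access point but arrives from the firewall's address
    (b"<134>Dec 13 13:58:48 192.168.1.241 ap: client associated", "192.168.1.254"),
]
RECORDS = [classify(d, ip) for d, ip in SAMPLES]

if __name__ == "__main__":
    for key in ("host", "host_from"):
        print(key, {name: len(msgs) for name, msgs in route(RECORDS, key).items()})
```

Keyed on the header host, the third message is filed with the access point; keyed on the packet origin, it is filed with the firewall, which is the difference a source-address filter such as netmask() acts on.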