Re: [syslog-ng] filter on src ip address.
Hi Leo,

Thanks for your quick reply.. I'm looking at it, but it does not seem to make much sense to me.. Am I correct to assume that destination is a sort of container for what goes where?

I extracted this from my Debian syslog-ng install:

    source s_all {
        # message generated by Syslog-NG
        internal();
        # standard Linux log source (this is the default place for the syslog()
        # function to send logs to)
        unix-stream("/dev/log");
        # messages from the kernel
        file("/proc/kmsg" log_prefix("kernel: "));
        # use the following line if you want to receive remote UDP logging messages
        # (this is equivalent to the "-r" syslogd flag)
        # udp();
    };

    ######
    # destinations

    # some standard log files
    destination df_auth { file("/var/log/auth.log"); };

    # auth,authpriv.* /var/log/auth.log
    log {
        source(s_all);
        filter(f_auth);
        destination(df_auth);
    };

So, I could do something like:

    Source MyAppliance { udp(<src IP>) };
    Destination MyAppliance_log { file("/var/log/MyAppliance"); };
    Log {
        Source(MyAppliance);
        Destination(MyAppliance_log);
    };

Does that make sense?

Now the next question is, can I have syslog-ng accept everything, but "auto" generate a new file for each different source address?

Cheers
Esben
-----Original Message-----
From: Leonard Mills [mailto:lenm@ops.corpnet.sel.sony.com]
Sent: 28 October 2008 21:53
To: Esben Laursen
Subject: Re: [syslog-ng] filter on src ip address.
You should probably start with:
man syslog-ng.conf
Pay particular attention to the section "DESTINATIONS". What you want to do is _very_ easy with NG.
Len
On Tue, 28 Oct 2008, Esben Laursen wrote:
Hi Guys,
I've been looking at syslog-ng's website, but cannot seem to find the correct info.
I need to have a syslog server that gathers logs from different appliance devices. Currently I just have a regular syslogd; the problem is that I need to have every appliance in a different file, and syslogd does not support that.
I've looked at the webpage and it appears that syslog-ng supports this; I looked at the feature list, and it says something like this:
Filtering for sending IP address, check for syslog-ng.
However I have no idea how to configure it or if I misunderstood the meaning of the feature list.
Could someone please point me in the correct direction?
Cheers
Esben
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html
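An added example, not part of the original thread and not configuration shipped by the syslog-ng project: a syslog-ng.conf fragment covering both questions above, one file for a single appliance and one automatically created file per sender. In syslog-ng the ip() option of udp() sets the local listening address, so the sender is selected with a netmask() filter, and the per-sender path uses $SOURCEIP (taken from the packet) rather than $HOST (which can come from the message header the sender controls). The names s_net, f_myappliance, d_myappliance and d_per_source, the /var/log/remote directory and the address 192.0.2.10 are assumptions made for illustration.

```conf
# Added example; all object names below are hypothetical.
# 192.0.2.10 is a constructed (documentation-range) appliance address.

source s_net {
    # Listen for remote syslog over UDP; ip() here is the LOCAL bind
    # address, not the address of the sending device.
    udp(ip("0.0.0.0") port(514));
};

# Case 1: a single named appliance, matched on the packet's source address.
filter f_myappliance {
    netmask("192.0.2.10/255.255.255.255");
};

destination d_myappliance {
    file("/var/log/MyAppliance" perm(0640));
};

log {
    source(s_net);
    filter(f_myappliance);
    destination(d_myappliance);
};

# Case 2: accept everything and write one file per sender.
# The macro in the file name is expanded per message, and create_dirs(yes)
# creates missing directories. $SOURCEIP is the address the datagram
# arrived from, so text inside the log message cannot choose the file name.
destination d_per_source {
    file("/var/log/remote/$SOURCEIP.log"
         create_dirs(yes) perm(0640));
};

log {
    source(s_net);
    destination(d_per_source);
};
```

Because UDP source addresses can be forged, the per-sender file name identifies where a packet claims to come from; restricting which networks can reach port 514 keeps the number of files bounded.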