Hello, So you are going to need something that differentiate the two type of machines. For example if there is an environment variable you can depend on, syslog-ng could get that information via stubtitution: <code> destination { network("`my-env-variable-that-contains-an-ip`"); }; </code> The *my-env-variable-that-contains-an-ip* environment variable is going to be pasted in the above configuration (you could use that substitution in differnet places, creating a condition like you wanted a possiblity with this). When the replacement happens the environment variable is the last thing syslog-ng looks for (first it looks for thing like @define name value). There is no condition like in C preprocessing #if, still you could use a trick to get similiar. Let's have an env variable GROUP_NAME=A or B <code> @version: 3.22 block root Ateam() { log { destination clnt { udp("remote-box-a" port(514)); }; log { source(src); filter(f_messages); destination(clnt); }; }; }; block root Bteam() { log { destination clnt { udp("remote-box-b" port(514)); }; log { source(src); filter(f_messages); destination(clnt); }; }; }; `GROUP_NAME`team(); </code> This is not something I encorage you to do, just show that it is possible this way. -- Kokan On Thu, Aug 15, 2019 at 07:06:28PM +0300, Alexey Vlasov wrote:

CAUTION: This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe.

Hi,

I would like to optimize my syslong-ng.conf file thus it could be used on some boxes without any changing. Now I have a few modifications of syslong-ng.conf on each server to copy logs to remote box.

For example, group of hosts A* ============================== A1-machine (it is its hostname) has: destination clnt { udp("remote-box-a" port(514)); }; log { source(src); filter(f_messages); destination(clnt); }; ==============================

============================== A2-machine has: destination clnt { udp("remote-box-a" port(514)); }; log { source(src); filter(f_messages); destination(clnt); }; ==============================

and group of hosts B*

============================== B1-machine has: destination clnt { udp("remote-box-b" port(514)); }; log { source(src); filter(f_messages); destination(clnt); }; ==============================

============================== B2-machine has: destination clnt { udp("remote-box-b" port(514)); }; log { source(src); filter(f_messages); destination(clnt); }; ==============================

Is there possible to write something like that

If (${HOSTNAME} ~ ^A) use remote-box-a If (${HOSTNAME} ~ ^B) use remote-box-b

Thanks in advance! ______________________________________________________________________________ Member info: https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.balabit.hu%2Fmailman%2Flistinfo%2Fsyslog-ng&data=02%7C01%7Cpeter.kokai%40oneidentity.com%7C163aa3e35fe94d791ac808d7219a8c4c%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C637014820005974985&sdata=HpYwlUr1IHKsdyXl9E2RVmvd8qaJeU1t1IS96VIobNY%3D&reserved=0 Documentation: https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fsupport%2Fdocumentation%2F%3Fproduct%3Dsyslog-ng&data=02%7C01%7Cpeter.kokai%40oneidentity.com%7C163aa3e35fe94d791ac808d7219a8c4c%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C637014820005974985&sdata=E6Q94nvvDQfOmm62YI3mgGaji6l9cy8gNJXuRuF4mJ8%3D&reserved=0 FAQ: https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fwiki%2Fsyslog-ng-faq&data=02%7C01%7Cpeter.kokai%40oneidentity.com%7C163aa3e35fe94d791ac808d7219a8c4c%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C637014820005974985&sdata=st4NEQ7KYkqRBRCU%2F4sLAKERwS4biI9I75n2tlaZdC0%3D&reserved=0