Sorting based on incoming hostname.
Hi, folks:

I am trying to achieve the following setup. Say, I have Solaris boxes and Linux boxes on my network, and I want them all to log to one loghost. However, I would like to separate the incoming logs by system type. I had this idea: Solaris boxes would log to log-sol.domain.com, while Linux boxes would log to log-lnx.domain.com, which are both CNAMEs to loghost.domain.com.

Would it be possible for syslog-ng to put all Solaris logs in /var/log/solaris and Linux logs into /var/log/linux, based entirely on which hostname they arrived at?

Cheers,
--
Konstantin ("Icon") Riabitsev
Duke University Physics Sysadmin
www.phy.duke.edu/~icon/pubkey.asc

Konstantin Riabitsev writes:
> ... Say, I have Solaris boxes and Linux boxes on my network, and I want them all to log to one loghost. However, I would like to separate the incoming logs by system type. I had this idea: Solaris boxes would log to log-sol.domain.com, while Linux boxes would log to log-lnx.domain.com, which are both CNAMEs to loghost.domain.com.

Instead of CNAMEs, make them separate virtual IP numbers on the same box. Then set up separate sources in syslog-ng to listen on the separate IP addresses, and since they are in separate streams, you can do whatever you like with them. For example:

    source linuxlogs { tcp(ip(192.168.1.10) port(1999)); };
    source solarislogs { tcp(ip(192.168.1.99) port(1999)); };

> Would it be possible for syslog-ng to put all Solaris logs in /var/log/solaris and Linux logs into /var/log/linux, based entirely on which hostname they arrived at?

The traffic is sent by IP number, not hostname, which is why you'd have to use separate IP addresses. You should be able to filter on the source hostname, since you know in advance which parts of your network are Linux and which parts are Solaris, but I think my way is cleaner.

-- Ed
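
Added example, not part of the original thread: a complete syslog-ng configuration along the lines of the reply above, carrying the two sources through to the two files named in the question. The IP addresses and port are the ones in the reply; the destination and filter names and the hostname pattern are assumptions made for illustration.

```conf
# Added example; not configuration posted by either participant.

# One listener per virtual IP on the loghost (addresses from the reply).
source linuxlogs   { tcp(ip(192.168.1.10) port(1999)); };
source solarislogs { tcp(ip(192.168.1.99) port(1999)); };

# Output files named in the question.
# d_linux and d_solaris are hypothetical names.
destination d_linux   { file("/var/log/linux"); };
destination d_solaris { file("/var/log/solaris"); };

# Each stream is routed only to its own file, so a message lands in
# /var/log/solaris only if it arrived on the Solaris address.
log { source(linuxlogs);   destination(d_linux); };
log { source(solarislogs); destination(d_solaris); };

# Alternative mentioned in the reply: a single listener, split by the
# source hostname. The pattern "^lnx-" is a hypothetical naming scheme;
# substitute whatever distinguishes the Linux hosts on your network.
#
# source allhosts { tcp(ip(192.168.1.10) port(1999)); };
# filter f_linux   { host("^lnx-"); };
# filter f_solaris { not host("^lnx-"); };
# log { source(allhosts); filter(f_linux);   destination(d_linux); };
# log { source(allhosts); filter(f_solaris); destination(d_solaris); };
```

With separate listeners, a client pointed at the wrong address is filed under the wrong system type, so the split is only as reliable as the client-side configuration.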