Hi All,
Can someone tell me how to log from different hosts to a single file?
I have several firewalls/routers/CSS and would like to have a single file for firewall logs, another for router logs, and the same for CSS. All of the devices' logs are sent using UDP port 514.
I use syslog-ng 2.0.4 and currently all logs are sent to a single file.
Thanks.
On Thu, 2007-07-19 at 21:54 +0300, Ahmad Al-Dosari wrote:
> Hi All,
> Can someone tell me how to log from different hosts to a single file?
> I have several firewalls/routers/CSS and would like to have a single file for firewall logs, another for router logs, and the same for CSS. All of the devices' logs are sent using UDP port 514.
> I use syslog-ng 2.0.4 and currently all logs are sent to a single file.

Lots of options, the easiest is using $HOST in the destination file name.

--
Bazsi
On Thu, 19 Jul 2007 22:52:46 +0200, Balazs Scheidler said:
> On Thu, 2007-07-19 at 21:54 +0300, Ahmad Al-Dosari wrote:
> > Hi All,
> > Can someone tell me how to log from different hosts to a single file?
> > I have several firewalls/routers/CSS and would like to have a single file for firewall logs, another for router logs, and the same for CSS. All of the devices' logs are sent using UDP port 514.
> > I use syslog-ng 2.0.4 and currently all logs are sent to a single file.
>
> Lots of options, the easiest is using $HOST in the destination file name.
I think he wants this:

Logs from cisco1, cisco2, cisco3 all go in /var/log/routers
Logs from fw-1, fw-2, some-other-firewall go in /var/log/firewalls

and so on. If he has a naming convention for his network gear, he *might* be able to do what he wants based on a regexp that *matches* the source hostname.

f_filter { match($HOST,"cisco*");}

and then use *that* to filter into /var/log/routers, or something like that (I'm late for the door already, somebody else can fix the syntax...)
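
A syslog-ng 2.0 configuration for the grouping described above, added here as an example and not written by anyone in the thread. The hostname patterns and file paths are assumptions taken from the names used in the message (cisco1, fw-1, /var/log/routers); a CSS group would follow the same filter/destination/log pattern.

```conf
# Added example for syslog-ng 2.0.x. Hostname patterns and paths are assumed
# from the naming used in the thread; adjust them to the real device names.
options {
    keep_hostname(no);    # ignore the sender-supplied name in the packet; derive $HOST from the source address
    use_dns(yes);         # resolve the source address so host() patterns see device names
    chain_hostnames(no);
};

source s_net { udp(ip(0.0.0.0) port(514)); };

# host() takes a regular expression matched against the message's host name.
filter f_routers   { host("^cisco"); };
filter f_firewalls { host("^fw-") or host("^some-other-firewall"); };

destination d_routers   { file("/var/log/routers"); };
destination d_firewalls { file("/var/log/firewalls"); };
destination d_other     { file("/var/log/network-other"); };

# One log path per device class; flags(final) stops further processing on a match.
log { source(s_net); filter(f_routers);   destination(d_routers);   flags(final); };
log { source(s_net); filter(f_firewalls); destination(d_firewalls); flags(final); };

# Fallback path: receives only messages that matched no other log statement,
# so traffic from unexpected senders is kept visible instead of dropped.
log { source(s_net); destination(d_other); flags(fallback); };
```

With keep_hostname(yes), or when $HOST is used directly in a file name, the name comes from the message itself, so any sender that can reach UDP 514 can choose which file (or file name) its lines land in.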
Hi,
I configured a Linux server (AS 4 Update 5) to log to a central syslog-ng server.
I added the following line in /etc/syslog.conf (it still has the old syslog):
*.* @x.y.z.a
where x.y.z.a is the IP of the central syslog-ng.
I rebooted the client but nothing is being reported on the central syslog-ng. Any ideas?
Thanks
On Fri, 2007-07-20 at 11:34 -0400, Tamer Tayea wrote:
> Hi,
> I configured a Linux server (AS 4 Update 5) to log to a central syslog-ng server.
> I added the following line in /etc/syslog.conf (it still has the old syslog):
> *.* @x.y.z.a
> where x.y.z.a is the IP of the central syslog-ng.
> I rebooted the client but nothing is being reported on the central syslog-ng. Any ideas?

start debugging: tcpdump on both the client and the server.

--
Matt Zagrabelny - mzagrabe@d.umn.edu - (218) 726 8844
University of Minnesota Duluth
Information Technology Systems & Services
PGP key 1024D/84E22DA2 2005-11-07
Fingerprint: 78F9 18B3 EF58 56F5 FC85 C5CA 53E7 887F 84E2 2DA2

He is not a fool who gives up what he cannot keep to gain what he cannot lose.
-Jim Elliot
participants (5)
- Ahmad Al-Dosari
- Balazs Scheidler
- Matt Zagrabelny
- Tamer Tayea
- Valdis.Kletnieks@vt.edu