AW: [syslog-ng]logfile save problem (again ;)
Hello,

I have changed my config as you told me to do:

destination local7 { file("/var/log/syslog-ng/$SOURCEIP/local7.log" sync(0) log_fifo_size(10) create_dirs(yes) owner(root) group(system) perm(0660) dir_perm(0770)); };

But I still have the same problem! The message:
"Jul 17 02:19:19 %STATIC-W-GWAYNOTREACH,/10.146.18.5 Gateway 172.28.3.126 is not reachable."
is stored in "/var/log/syslog-ng/%STATIC-W-GWAYNOTREACH,/local7.log" and not in "/var/log/syslog-ng/10.146.18.5/local7.log"!!!

I hope you can help me once more.

Manfred Bürger

-----Original Message-----
From: Balazs Scheidler [mailto:bazsi@balabit.hu]
Sent: Tuesday, 16 July 2002 10:21
To: syslog-ng@lists.balabit.hu
Subject: Re: [syslog-ng]logfile save problem (again ;)

On Tue, Jul 16, 2002 at 09:48:45AM +0200, Buerger, Manfred wrote:
hello,
I have already posted my syslog-ng problem to this mailing list on Friday; now, I hope I can make things more clear:
I am using Suse8.0 with syslog-ng to monitor Enterasys and Cabletron network equipment (switches, routers, ...), and have some problems with the configuration:
in my syslog-ng.conf:
destination local7 { file("/var/log/syslog-ng/$HOST/local7.log" sync(0) log_fifo_size(10) create_dirs(yes) owner(root) group(system) perm(0660) dir_perm(0770)); };
Because of this configuration, a system message like:
"Jul 15 13:56:28 %STP-I-PORT_STATUS,/10.146.12.16 Port status change detected: et.3.6 - Port Up"
should be stored in "/var/log/syslog-ng/10.146.12.16/local7.log", but it's stored in "/var/log/syslog-ng/%STP-I-PORT_STATUS,/local7.log".

destination local7 { file("/var/log/syslog-ng/$SOURCEIP/local7.log" sync(0) log_fifo_size(10) create_dirs(yes) owner(root) group(system) perm(0660) dir_perm(0770)); };

here's the list of macros you can use:

    { "FACILITY", M_FACILITY }, { "PRIORITY", M_LEVEL }, { "LEVEL", M_LEVEL }, { "TAG", M_TAG },
    { "DATE", M_DATE }, { "FULLDATE", M_FULLDATE }, { "ISODATE", M_ISODATE },
    { "YEAR", M_YEAR }, { "MONTH", M_MONTH }, { "DAY", M_DAY },
    { "HOUR", M_HOUR }, { "MIN", M_MIN }, { "SEC", M_SEC },
    { "WEEKDAY", M_WEEKDAY }, { "UNIXTIME", M_UNIXTIME },
    { "R_DATE", M_DATE_RECVD }, { "R_FULLDATE", M_FULLDATE_RECVD }, { "R_ISODATE", M_ISODATE_RECVD },
    { "R_YEAR", M_YEAR_RECVD }, { "R_MONTH", M_MONTH_RECVD }, { "R_DAY", M_DAY_RECVD },
    { "R_HOUR", M_HOUR_RECVD }, { "R_MIN", M_MIN_RECVD }, { "R_SEC", M_SEC_RECVD },
    { "R_WEEKDAY", M_WEEKDAY_RECVD }, { "R_UNIXTIME", M_UNIXTIME_RECVD },
    { "S_DATE", M_DATE_STAMP }, { "S_FULLDATE", M_FULLDATE_STAMP }, { "S_ISODATE", M_ISODATE_STAMP },
    { "S_YEAR", M_YEAR_STAMP }, { "S_MONTH", M_MONTH_STAMP }, { "S_DAY", M_DAY_STAMP },
    { "S_HOUR", M_HOUR_STAMP }, { "S_MIN", M_MIN_STAMP }, { "S_SEC", M_SEC_STAMP },
    { "S_WEEKDAY", M_WEEKDAY_STAMP }, { "S_UNIXTIME", M_UNIXTIME_STAMP },
    { "HOST_FROM", M_HOST_FROM }, { "FULLHOST_FROM", M_FULLHOST_FROM },
    { "HOST", M_HOST }, { "FULLHOST", M_FULLHOST },
    { "PROGRAM", M_PROGRAM }, { "MSG", M_MESSAGE }, { "MESSAGE", M_MESSAGE },
    { "SOURCEIP", M_SOURCE_IP }

you might also use HOST_FROM or FULLHOST_FROM if you want hostnames instead of IPs (though it requires use_dns(yes))

--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1

_______________________________________________
syslog-ng maillist - syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html

On Wed, Jul 17, 2002 at 11:33:41AM +0200, Buerger, Manfred wrote:
Hello,
I have changed my config as you told me to do:
destination local7 { file("/var/log/syslog-ng/$SOURCEIP/local7.log" sync(0) log_fifo_size(10) create_dirs(yes) owner(root) group(system) perm(0660) dir_perm(0770)); };
But I still have the same problem! The message:
"Jul 17 02:19:19 %STATIC-W-GWAYNOTREACH,/10.146.18.5 Gateway 172.28.3.126 is not reachable."
is stored in "/var/log/syslog-ng/%STATIC-W-GWAYNOTREACH,/local7.log" and not in "/var/log/syslog-ng/10.146.18.5/local7.log"!!!

Are you sure you have reloaded the configuration? SOURCE_IP always inserts IP addresses, as the following snippet shows:

    case M_SOURCE_IP: {
            char *ip;

            if (msg->saddr) {
                    CAST(inet_address_info, addr, msg->saddr);

                    ip = inet_ntoa(addr->sa.sin_addr);
            }
            else {
                    ip = "127.0.0.1";
            }
            length = append_string(dest, left, ip, strlen(ip), escape);
            break;
    }

--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1

participants (2)
- Balazs Scheidler
- Buerger, Manfred
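
Added example (not part of the thread and not syslog-ng's own code): a C filename-template expander that fills $SOURCEIP from the socket peer address, following the rule in the M_SOURCE_IP snippet quoted above, and $HOST from text carried in the message. The names expand_path and demo_path are hypothetical, and the sample values are constructed from the message and paths quoted in the thread.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>

/* Expand $SOURCEIP and $HOST in tmpl (hypothetical helper, not syslog-ng code).
 * saddr: peer address from the socket; NULL (local source) yields 127.0.0.1.
 * host: parsed from the message text, so the sender controls it.
 * Returns 0, or -1 on overflow or an unsupported macro. */
int expand_path(const char *tmpl, const struct sockaddr_in *saddr,
                const char *host, char *out, size_t outlen)
{
    size_t used = 0;
    while (*tmpl) {
        char ip[INET_ADDRSTRLEN];
        const char *val = NULL;
        if (strncmp(tmpl, "$SOURCEIP", 9) == 0) {
            val = saddr ? inet_ntop(AF_INET, &saddr->sin_addr, ip, sizeof ip) : "127.0.0.1";
            if (!val) return -1;
            tmpl += 9;
        } else if (strncmp(tmpl, "$HOST", 5) == 0) {
            val = host ? host : "";
            tmpl += 5;
        } else if (*tmpl == '$') {
            return -1;
        }
        size_t n = val ? strlen(val) : 1;
        if (used + n >= outlen) return -1;   /* keep room for the NUL */
        if (val) memcpy(out + used, val, n); else out[used] = *tmpl++;
        used += n;
    }
    out[used] = '\0';
    return 0;
}

/* Demo wrapper: peer_ip is dotted-quad text, or NULL for a local source. */
const char *demo_path(const char *tmpl, const char *peer_ip, const char *host)
{
    static char buf[256];
    struct sockaddr_in sa = { .sin_family = AF_INET };
    int have = peer_ip && inet_pton(AF_INET, peer_ip, &sa.sin_addr) == 1;
    return expand_path(tmpl, have ? &sa : NULL, host, buf, sizeof buf) ? NULL : buf;
}

int main(void)
{
    /* Constructed from the thread: host field as it appeared in the path, peer = the device. */
    printf("%s\n", demo_path("/var/log/syslog-ng/$HOST/local7.log", "10.146.12.16", "%STP-I-PORT_STATUS,"));
    printf("%s\n", demo_path("/var/log/syslog-ng/$SOURCEIP/local7.log", "10.146.12.16", "%STP-I-PORT_STATUS,"));
    return 0;
}
```

With $SOURCEIP the directory name depends only on the connection's peer address, so nothing a device puts in the message text can change where its log lands.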