On Thu, Feb 28, 2002 at 05:18:43PM +0100, Michael Renner wrote:
Hiya!
I've got a setup like this with many log hosts (~200, raising) and want to split the server logfiles from those of our routers. i've got a setup like this: []
This is a very ugly setup because i always have to add new servers to the f_server filter, otherwise it would get logged in the router/unknown dir
Is there a better way to solve this with one ip address or should i add a secondary interface to the server and let the routers log to the second ip?
Maybe I am missing something here, but why not source from a different facility for routers than local or servers. Facility can still be useful ;-/ if only to differ from a handful of source types, rather easily. Most syslog sources allow some method to set the syslog facility they speak to. Basically .... or am I over simplifying this? filter f_router { facility(local7); }; filter f_server { facility(local6); }; filter f_local { facility(local1); }; Good luck, Ken Paris
At 23:31 28.02.2002 -0700, Ken Paris wrote:
Maybe I am missing something here, but why not source from a different facility for routers than local or servers. Facility can still be useful ;-/ if only to differ from a handful of source types, rather easily. Most syslog sources allow some method to set the syslog facility they speak to.
Basically .... or am I over simplifying this?
filter f_router { facility(local7); }; filter f_server { facility(local6); }; filter f_local { facility(local1); };
In an ideal world (tm) this would be possible, but the truth is that routers send on various facilities and some really braindead ones don't even let you change the facility. Also the programs running on servers can use any facility they want for their syslog messages, and patching every program out there would be quite painful. mfg -- Renner Michael Junior System Engineer Inode Telekommunikationsdienstleistungs GmbH - http://www.inode.at support@inode.at, Tel.: 05 9999-0, Fax.: 05 9999-2699
participants (2)
-
Ken Paris
-
Michael Renner