Re: [syslog-ng]Configure syslog-ng to act as a central logging server
This is the base config file I'm working with. Note: I'm using unix_stream. Should I be using unix_dgram since I'm on a 2.6x kernel? I'm reading through the section on syslog-ng in the book "Building Secure Server with Linux", and it mentions something about using "unix-dgram" .. note the "-" instead of "_". I'm assuming it's a typo and should be "_".

------
source s_sys { file ("/proc/kmsg" log_prefix("kernel: ")); unix_stream("/dev/log"); internal(); };

destination d_cons { file("/dev/console"); };
destination d_mesg { file("/var/log/messages"); };
destination d_auth { file("/var/log/secure"); };
destination d_mail { file("/var/log/maillog"); };
destination d_spol { file("/var/log/spooler"); };
destination d_boot { file("/var/log/boot.log"); };
destination d_cron { file("/var/log/cron"); };
destination d_mlal { usertty("*"); };

filter f_filter1 { facility(kern); };
filter f_filter2 { level(info) and not (facility(mail) or facility(authpriv) or facility(cron)); };
filter f_filter3 { facility(authpriv); };
filter f_filter4 { facility(mail); };
filter f_filter5 { level(emerg); };
filter f_filter6 { facility(uucp) or (facility(news) and level(crit)); };
filter f_filter7 { facility(local7); };
filter f_filter8 { facility(cron); };

#log { source(s_sys); filter(f_filter1); destination(d_cons); };
log { source(s_sys); filter(f_filter2); destination(d_mesg); };
log { source(s_sys); filter(f_filter3); destination(d_auth); };
log { source(s_sys); filter(f_filter4); destination(d_mail); };
log { source(s_sys); filter(f_filter5); destination(d_mlal); };
log { source(s_sys); filter(f_filter6); destination(d_spol); };
log { source(s_sys); filter(f_filter7); destination(d_boot); };
log { source(s_sys); filter(f_filter8); destination(d_cron); };
billn@billn.net 03/31 10:00 am >>>
On Thu, 31 Mar 2005, Ryan McCain wrote:
Where can I find documentation that will give me information on how to accept logs from remote hosts and have each of the hosts log to their own file?
destination hosts {
    file("/var/syslog/HOSTS/$HOST/$YEAR/$MONTH/$HOST-$FACILITY-$YEAR$MONTH$DAY"
         owner(bob) group(llamafood) perm(0755) dir_perm(0755) create_dirs(yes));
};

- billn

syslog-ng maillist - syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
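
Added example, not part of the original thread or of the syslog-ng project: the receiving side that a per-host destination like the one above still needs, namely a network source, a log statement joining the two, and global options that decide where $HOST comes from, since that macro ends up in the file path. The names s_net and d_hosts, the listen address 192.0.2.10, the connection limit, and the owner, group and modes are assumptions chosen for this example.

```conf
# Central log host, syslog-ng 1.6-style syntax as used in this thread.
# All names and values below are example choices, not taken from the thread.

options {
    keep_hostname(no);     # ignore the hostname field carried inside the message
    use_dns(no);           # with keep_hostname(no), $HOST is the sender's IP address
    chain_hostnames(no);   # do not chain relay and sender names into the host field
};

# Listen for remote syslog traffic on the collector's own interface.
# 192.0.2.10 is a placeholder address.
source s_net {
    udp(ip(192.0.2.10) port(514));
    tcp(ip(192.0.2.10) port(514) max-connections(100));
};

# One directory tree per sending host, split by year and month.
# Logs are readable by owner and group only; directories are not world-accessible.
destination d_hosts {
    file("/var/syslog/HOSTS/$HOST/$YEAR/$MONTH/$HOST-$FACILITY-$YEAR$MONTH$DAY"
         owner(root) group(root)
         perm(0640) dir_perm(0750)
         create_dirs(yes));
};

# Remote messages go only to the per-host files; local logging keeps
# its own source and log statements.
log { source(s_net); destination(d_hosts); };
```

Each sending host then needs a udp() or tcp() destination pointing at the collector's address and port.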
participants (1)
-
Ryan McCain