logging several to one facility - parsing
Hello, I have several routers that I want to receive logs for. Can I send all the logs from these to a single facility and have syslog-ng parse and write them to different log files based on a ruleset such as ip address, type of log, etc. ? Thanks!
You could set up filters that each uniquely match the router you want to monitor, then have different log destinations for each of them.
Or, assuming that your routers send along a hostname that is also a valid filename, you can do something like this:
destination router_logs { file( "/var/log/routers/$HOST-router.log" create_dirs(yes) ); };
Paul Krizak 5900 E. Ben White Blvd. MS 625 Advanced Micro Devices Austin, Tx 78741 CAD Systems Engineering Paul.Krizak@amd.com
Terry wrote:
Hello,
I have several routers that I want to receive logs for. Can I send all the logs from these to a single facility and have syslog-ng parse and write them to different log files based on a ruleset such as ip address, type of log, etc. ?
Thanks!
------------------------------------------------------------------------
_______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
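Both suggestions from the reply above, sketched as one syslog-ng configuration. This is an added example, not part of the original thread; the router addresses, the filter, destination and file names are placeholders, and it assumes the routers log over UDP port 514 on facility local5.

```conf
# Constructed example: addresses, names and paths below are placeholders.
options {
    keep_hostname(no);   # do not trust the hostname field inside the message
    use_dns(no);         # $HOST then expands to the sender's IP address
    create_dirs(yes);
};

source s_net { udp(ip(0.0.0.0) port(514)); };

# One filter per router, keyed on the source address of the packet.
filter f_edge1 { netmask(192.0.2.1/255.255.255.255); };
filter f_edge2 { netmask(192.0.2.2/255.255.255.255); };

# "Type of log": facility and severity, usable across all routers.
filter f_local5 { facility(local5); };
filter f_warn   { level(warning..emerg); };

destination d_edge1 { file("/var/log/routers/edge1.log"); };
destination d_edge2 { file("/var/log/routers/edge2.log"); };
destination d_warn  { file("/var/log/routers/warnings.log"); };

# Catch-all named after the sender. With the options above, $HOST is an
# IP address taken from the connection, so it is always a valid filename.
destination d_other { file("/var/log/routers/$HOST-router.log"); };

# Filters listed in one log statement are ANDed together.
log { source(s_net); filter(f_local5); filter(f_warn); destination(d_warn); };

# flags(final) stops a matched message from reaching later log statements,
# so only senders without a dedicated filter fall through to d_other.
log { source(s_net); filter(f_edge1); destination(d_edge1); flags(final); };
log { source(s_net); filter(f_edge2); destination(d_edge2); flags(final); };
log { source(s_net); destination(d_other); };
```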
Excellent. As long as I know something like that is possible. I can figure out the rest. Thank you.
On 8/19/05, Paul Krizak <paul.krizak@amd.com> wrote:
You could set up filters that each uniquely match the router you want to monitor, then have different log destinations for each of them.
Or, assuming that your routers send along a hostname that is also a valid filename, you can do something like this:
destination router_logs { file( "/var/log/routers/$HOST-router.log" create_dirs(yes) ); };
Paul Krizak 5900 E. Ben White Blvd. MS 625 Advanced Micro Devices Austin, Tx 78741 CAD Systems Engineering Paul.Krizak@amd.com
Terry wrote:
Hello,
I have several routers that I want to receive logs for. Can I send all the logs from these to a single facility and have syslog-ng parse and write them to different log files based on a ruleset such as ip address, type of log, etc. ?
Thanks!
Yes, this is possible. I was using a similar setup before and even had $HOST.$FACILITY where I would receive logs such as 'host1.auth' etc. Though I must say I learned that logging like this is more headache than it is worth and unless you have a specific purpose for doing this I would recommend staying with one log file, then just grep through it for what you need or feed it into some type of tool for parsing. Once you separate the log files like this most data gathering programs will not interact with them. But if you just want clean little logs of various systems to look through once in a while then go for it. ;)
- Ken
Terry wrote:
Excellent. As long as I know something like that is possible. I can figure out the rest. Thank you.
On 8/19/05, Paul Krizak <paul.krizak@amd.com> wrote:
You could set up filters that each uniquely match the router you want to monitor, then have different log destinations for each of them.
Or, assuming that your routers send along a hostname that is also a valid filename, you can do something like this:
destination router_logs { file( "/var/log/routers/$HOST-router.log" create_dirs(yes) ); };
Paul Krizak 5900 E. Ben White Blvd. MS 625 Advanced Micro Devices Austin, Tx 78741 CAD Systems Engineering Paul.Krizak@amd.com
Terry wrote:
> Hello,
>
> I have several routers that I want to receive logs for. Can I send all
> the logs from these to a single facility and have syslog-ng parse and
> write them to different log files based on a ruleset such as ip address,
> type of log, etc. ?
>
> Thanks!
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> syslog-ng maillist - syslog-ng@lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
participants (3)
- Ken Garland
- Paul Krizak
- Terry