Hi,

I'm new to syslog-ng and was wondering if the following scenario is possible with it.

I'm sending logs from a remote device to syslog-ng with these facilities:

local0.info
local1.info
local2.info

Can I make all logs go into one separate log file based on the source IP, or all three log facilities to different files also based on the source IP? I tried to implement the sample configurations, with no luck so far.

-MiikaT
MiikaT

What you are trying to do isn't too bad with syslog-ng. If you use the filter functions on this page http://www.balabit.com/products/syslog_ng/reference/x567.html#FILTERFUNC you can make something like it sounds you need.

Here is a snippet of what I do: this sets up a listener, creates a destination file based upon the host and date, then filters logs only on the host which the log came from.

source rsrc { udp(ip(0.0.0.0) port(514)); };
filter f_cne_rtr { host("grrcis*") or host("grrnor*"); };
destination d_cne_rtr {
    file("/var/log/cne/routers/$HOST/$YEAR/$MONTH/$FULLDATE.log"
         owner(root) group(logs) perm(0640) dir_perm(0770) create_dirs(yes) );
};
log { source(rsrc); filter(f_cne_rtr); destination(d_cne_rtr);};

Hope that helps.

Mark
Quoting Mark Knirk <syslog-ng@decep.net>:

> Here is a snippet of what I do: this sets up a listener, creates a destination file based upon the host and date, then filters logs only on the host which the log came from.
Here's what I tried:

source s_udp { udp(ip("0.0.0.0") port(514));
filter f_gnatbox { host("fw-fxp3"); };
destination d_gnatbox { file("/var/log/gnatbox/$HOST/$YEAR/$MONTH/$FULLDATE.log" owner (root) group(logs) perm(0640) dir_perm(0770) create_dirs(yes$
};
log { source(s_udp); filter(f_gnatbox); destination(d_gnatbox);};

Tcpdump displays that syslog messages are sent to syslog-ng:

19:48:47.968036 fw-fxp3.syslog > localhost.syslog: udp 123

But no files or folders are created under /var/log/gnatbox.

With standard syslog I know that I can create three different log files based on local0.* local1.* local2.*.

-MiikaT
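
The split asked about in the first message (one file per source IP, or one per source IP and facility), as an added example that is not from either poster's configuration. It goes beyond the host-based setup above by matching on the sender address with `netmask()` and naming files with the `$SOURCEIP` and `$FACILITY` macros; the object names, the address 192.0.2.10, the /var/log/remote path and a syslog-ng version that provides `$SOURCEIP` are assumptions.

```conf
# Added example. s_remote, f_fw_ip, f_local012, d_by_ip, d_by_ip_fac,
# 192.0.2.10 and /var/log/remote are assumed names and values.

# Listen for remote syslog over UDP, as in the thread.
source s_remote { udp(ip(0.0.0.0) port(514)); };

# Match on the address the packet arrived from, not on a hostname string.
filter f_fw_ip { netmask("192.0.2.10/255.255.255.255"); };

# Only the three facilities the device sends.
filter f_local012 { facility(local0, local1, local2); };

# Option 1: all three facilities in one file per source IP.
destination d_by_ip {
    file("/var/log/remote/$SOURCEIP/$YEAR/$MONTH/$FULLDATE.log"
         owner(root) group(logs) perm(0640) dir_perm(0770)
         create_dirs(yes));
};

# Option 2: one file per source IP and per facility
# (the path component becomes local0, local1 or local2).
destination d_by_ip_fac {
    file("/var/log/remote/$SOURCEIP/$FACILITY/$YEAR/$MONTH/$FULLDATE.log"
         owner(root) group(logs) perm(0640) dir_perm(0770)
         create_dirs(yes));
};

# Use one of the two log paths. Filters listed in one log statement
# must all match, so only local0-2 from 192.0.2.10 is written.
log { source(s_remote); filter(f_fw_ip); filter(f_local012);
      destination(d_by_ip_fac); };

# log { source(s_remote); filter(f_fw_ip); filter(f_local012);
#       destination(d_by_ip); };
```

With `keep_hostname(yes)`, `$HOST` comes from the message header, which the sender writes, while `$SOURCEIP` is the address the receiver saw on the packet. Restricting the log path with `netmask()` also keeps `create_dirs(yes)` from creating a directory for every host that sends to port 514.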