[syslog-ng] Remote loging and facility seperation of incoming logs.

Balazs Scheidler bazsi@balabit.hu
Tue, 31 Aug 1999 22:53:02 +0200


On Tue, Aug 31, 1999 at 10:40:44AM -0400, deant@stsi.net wrote:
> Salutations all,
> 
> I am attempting to set up a network log server for our Debian and 
> RedHat servers.  I can cause the other boxen to send the information 
> to the log server. The log server receives the packets. However, I 
> am having some difficulty separating the inbound packets by box and 
> routing them to different files by facility.  Any assistance would 
> be appreciated.

Instead of filtering based on facility, use the host() filter to sort
messages belonging to different hosts to different destinations:

source s_net { udp(); };

filter f_host1 { host("host1");
destination d_host1 { file("/var/log/host1/messages"); };

log { source(s_net); filter(f_host1); destination(d_host1); };

-- 
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
     url: http://www.balabit.hu/pgpkey.txt