[syslog-ng] some questions

Pavel Golubev pg@gu.net
Tue, 11 May 1999 12:18:07 +0300 (EEST) 

On Tue, 11 May 1999, Balazs Scheidler wrote:

> > Next. Standard syslogd writes "host" field correct - corresponding to
> > client name, but remote client's messages in syslog-ng always looks like
> > "srcname/syslog-ng_server_name". It's too hard for admin to separate
> > logfiles visually.
> 
> Yes, there's a problem in hostname generation in current versions, it's
> fixed here in my local copy, but the source is in a bit of flux now, and I
> didn't want to release it.
> 
> > 
> > For last :)
> > Can somebody give me _working_ example of log separating by remote
> > hostname or IP address. It's not trivial for me :)
> 
> There are two ways doing this:
> 
> modifying the /etc/services file to make your syslogd to log to a different
> port (instead of 514). Each client hosts log to a different port number,
> then declare a source for each client:
> 
> source c1 { udp 0.0.0.0,514; };
> source c2 { udp 0.0.0.0,515; };
> etc.
> 
> Each computer's log come from a distinct source.

Yes - It's works fine, but announced "host" filter does not.
My simple config:

-----------------
source src { udp 0.0.0.0,514; };

destination dest { file /var/log/syslog-ng.monkey; };

filter monk  { host("monkey"); };

log { source src; filter monk; destination dest; };

-----------------

In "monkey" (monkey is real hostname) host I have standard syslogd with:
*.*	@syslog-ng_hostname

And....nothing. With syslog-ng config like:

-----------------
source src { udp 0.0.0.0,514; };

destination dest { file /var/log/syslog-ng.monkey; };

log { source src; destination dest; };
   
-----------------

all works, of course.
 
Is standard syslogd compatible with syslog-ng as client?
Do I understand  "host" filter directive right?

Thanks.

> 
> Another solution is to use the new host() filter:
> 
> source src { udp 0.0.0.0,514; };    # each computer logs to this source
> 
> filter f_c1 { host("hostname1"); };
> filter f_c2 { host("hostname2"); };
> 
> log { source src; filter f_c1; destination c1; };
> ...
> 
> -- 
> Bazsi
> PGP key: http://www.balabit.hu/pgpkey.txt, or finger bazsi@balabit.hu
> 
> _______________________________________________
> syslog-ng maillist  -  syslog-ng@vekoll.saturnus.vein.hu
> http://vekoll.saturnus.vein.hu/mailman/listinfo/syslog-ng
> 

---
Pavel Golubev
PG810-RIPE
Global Ukraine Inc.