[syslog-ng]Splitting routerlogs from servers
Michael Renner
m.renner@inode.at
Thu, 28 Feb 2002 18:38:04 +0100
At 17:30 28.02.2002 +0100, you wrote:
>On Thu, Feb 28, 2002 at 05:18:43PM +0100, Michael Renner wrote:
> > Hiya!
> >
> > I've got a setup like this with many log hosts (~200, raising) and want to
> > split the server logfiles from those of our routers. i've got a setup like
> > this:
> > []
> >
> > This is a very ugly setup because i always have to add new servers to the
> > f_server filter, otherwise it would get logged in the router/unknown dir
> >
> > Is there a better way to solve this with one ip address or should i add a
> > secondary interface to the server and let the routers log to the second ip?
>
>what about logging to a different port?
Hi Bazsi, Hi Gregor!
Thanks for your fast replies.
Logging to an alternate port would be a solution for the servers running
syslog-ng, but the default syslogd shipped with most of the distributions
doesn't seem to support this (at least the man-pages don't mention anything
about it). Additionally most of the routers out there in the big, wild
internet won't let you change the destination port for the syslog stuff.
I think i'll just add another IP to the server and let the routers log to it.
Btw. the config parser drops hosts right before/after a CR/LF if you split
the host() filter accross several lines, like
host(server1|server2|
server3|server4
|server5);
Is this intentionally?
I couldn't track the problem further down because the yacc debugger
(syslog-ng -[dv|dd]) seems to have vanished from 1.5.*.
mfg
--
Renner Michael
Junior System Engineer
Inode Telekommunikationsdienstleistungs GmbH - http://www.inode.at
support@inode.at, Tel.: 05 9999-0, Fax.: 05 9999-2699