[syslog-ng]Splitting routerlogs from servers
Ken Paris
kparis@netstars.org
Thu, 28 Feb 2002 23:31:01 -0700
>On Thu, Feb 28, 2002 at 05:18:43PM +0100, Michael Renner wrote:
> > Hiya!
> >
> > I've got a setup like this with many log hosts (~200, raising) and want to
> > split the server logfiles from those of our routers. i've got a setup like
> > this:
> > []
> >
> > This is a very ugly setup because i always have to add new servers to the
> > f_server filter, otherwise it would get logged in the router/unknown dir
> >
> > Is there a better way to solve this with one ip address or should i add a
> > secondary interface to the server and let the routers log to the second ip?
Maybe I am missing something here, but why not source from a different
facility for routers than local or servers. Facility can still be useful
;-/ if only to differ from a handful of source types, rather easily. Most syslog
sources allow some method to set the syslog facility they speak to.
Basically .... or am I over simplifying this?
filter f_router {
facility(local7); };
filter f_server {
facility(local6); };
filter f_local {
facility(local1); };
Good luck,
Ken Paris