[syslog-ng]Re: Splitting routerlogs from servers

[Michael Renner]

At 23:31 28.02.2002 -0700, Ken Paris wrote:

>Maybe I am missing something here, but why not source from a different
>facility for routers than local or servers. Facility can still be useful
>;-/ if only to differ from a handful of source types, rather easily. Most 
>syslog
>sources allow some method to set the syslog facility they speak to.
>
>Basically .... or am I over simplifying this?
>
>filter f_router         {
>facility(local7); };
>filter f_server         {
>facility(local6); };
>filter f_local         {
>facility(local1); };


In an ideal world (tm) this would be possible, but the truth is that 
routers send on various facilities and some really braindead ones don't 
even let you change the facility. Also the programs running on servers can 
use any facility they want for their syslog messages, and patching every 
program out there would be quite painful.


mfg

-- 

Renner Michael
Junior System Engineer

Inode Telekommunikationsdienstleistungs GmbH - http://www.inode.at
support@inode.at, Tel.: 05 9999-0, Fax.: 05 9999-2699