[syslog-ng] Problem of recording

Ben Russo ben@umialumni.com
06 Nov 2002 12:37:10 -0500


On Wed, 2002-11-06 at 11:53, Stefano Tanfoglio wrote:
....
> 
> filter f_windows {
> host("name1.domain.tld|name2.domain.tld|name3.domain.tld|...........|125"); 
> };

....
> 
> 1) In the windows section I have 125 machines and only 80 recording.
>     I try to move the last hostname in first position:
>     filter f_windows {
> host("125|name1.domain.tld|name2.domain.tld|name3.domain.tld|...........|124"); };
>     the test is ok, hostname logger and recording.
> 

Stefano,

Try this:

On the Linux server running Syslog-ng, create virtual network interfaces
so that the box has more than one IP address,
for example 10.10.10.1, 10.10.10.2 and 10.10.10.3.

In your syslog-ng configuration file you can add the sources:
	source s_win { udp(ip(10.10.10.1) port(514)); };
	source s_lin { udp(ip(10.10.10.2) port(514)); };
	source s_rtr { udp(ip(10.10.10.3) port(514)); };
  (EXAMPLE ONLY, read the syslog-ng.conf man page for proper syntax).

Then configure all your Windows boxes to point at the IP address
10.10.10.1

And configure all your Linux boxes to point at the IP address 10.10.10.2

And configure all your Routers to point at the IP address 10.10.10.3

Just set up one filter 

Then in your log statement you can configure the sources for each
destination.

As far as your other problems, don't worry about them yet.
Try to fix one thing at a time.

-Ben.
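
Added example, not part of the original message or of the syslog-ng documentation: a syslog-ng.conf fragment that carries the suggestion above through to the log statements, with one listener per address and one destination per device class. The source names and addresses come from the post; the destination names and file paths are assumptions.

```conf
# Added illustration. Destination names and file paths are assumptions.

# One UDP listener per local address (the three addresses from the post).
source s_win { udp(ip(10.10.10.1) port(514)); };
source s_lin { udp(ip(10.10.10.2) port(514)); };
source s_rtr { udp(ip(10.10.10.3) port(514)); };

# One destination per device class.
destination d_win { file("/var/log/remote/windows.log"); };
destination d_lin { file("/var/log/remote/linux.log"); };
destination d_rtr { file("/var/log/remote/routers.log"); };

# Messages are classified by the address they arrived on, so the
# 125-name host() alternation is no longer needed for routing.
log { source(s_win); destination(d_win); };
log { source(s_lin); destination(d_lin); };
log { source(s_rtr); destination(d_rtr); };

# The listener address only sorts traffic. UDP syslog does not
# authenticate the sender, so limit which networks can reach each
# address with packet filtering on the log server.
```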