[syslog-ng]separate logs from different sources
Hamilton, Andrew
Andrew.Hamilton@afccc.af.mil
Mon, 21 Oct 2002 08:59:06 -0400
And of course you really don't need to have the filter statement in it at
all if you use the $HOST macro.
you could then just use:
source net { tcp(); udp(); };
destination hostfile { file("/path/to/logs/$HOST"); };
log { source(net); destination(hostfile); };
Drew
-----Original Message-----
From: Hamilton, Andrew [mailto:Andrew.Hamilton@afccc.af.mil]
Sent: Monday, October 21, 2002 8:56 AM
To: syslog-ng@lists.balabit.hu
Subject: RE: [syslog-ng]separate logs from different sources
Olav,
This should work for you. Of course you should substitute real names where
I have placed the x's and the filter and destination names should be
meaningful names. Whether you use TCP is up to you. You will need to use
UDP because that is how Cisco routers send their logs.
source net { tcp(); udp(); };
filter f_host { host("xxx.xxx.xxx.xxx"); };
destination hostfile { file("/path/to/logs/$HOST"); };
log { source(net); filter(f_host); destination(hostfile); };
Regards,
Drew
-----Original Message-----
From: Olav Langeland [mailto:Olav.Langeland@activeisp.com]
Sent: Monday, October 21, 2002 8:47 AM
To: syslog-ng@lists.balabit.hu
Subject: [syslog-ng]separate logs from different sources
I want to send syslog from 3 different Cisco routers to a FreeBSD box
and have syslog-ng separate them into different output files based on
IP. Would appreciate if anyone could help me with configuration
examples/ideas.
thanks, olav.
_______________________________________________
syslog-ng maillist - syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
_______________________________________________
syslog-ng maillist - syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html