[syslog-ng]Remote log receive
Mark Knirk
syslog-ng@lists.balabit.hu
29 Jul 2003 13:50:10 -0400
MiikaT
What you are trying to do isn't too bad with syslog-ng. If you use the
filter functions on this page
http://www.balabit.com/products/syslog_ng/reference/x567.html#FILTERFUNC
you can make something like it sounds you need.
Here is a snippit of what I do this setup a listener, create a
destination file based upon the host and date, the filter logs only on
the host which the log came from.
source rsrc { udp(ip(0.0.0.0) port(514)); };
filter f_cne_rtr { host("grrcis*") or host("grrnor*"); };
destination d_cne_rtr {
file("/var/log/cne/routers/$HOST/$YEAR/$MONTH/$FULLDATE.log"
owner(root) group(logs) perm(0640) dir_perm(0770)
create_dirs(yes) );
};
log { source(rsrc); filter(f_cne_rtr); destination(d_cne_rtr);};
Hope that helps.
Mark