[syslog-ng] Recording relay instance

Michael Boman syslog-ng@lists.balabit.hu
20 Jun 2003 18:57:35 +0800


Hi,

I have some "problems" with syslog-ng. I have it deployed in several
networks, and some of these networks are sharing the same IP address
range and sometimes even the same IP address for certain hosts. This
means that I can't truly say that 192.168.51.4 is either the db server
in network A or the web server in network B.

I'd like to have a $RELAY macro so I can save the logs as

/LOGS/$RELAY/$HOST/$YEAR/$MONTH/$DAY/$FACILITY_$YEAR_$MONTH_$DAY

Where $RELAY is where the message came from (so with direct connections
it would be the same as $HOST, but with a syslog-ng in relay mode you
get the address/name of the relay host). Basically a "received from"
field.

Is this functionality planned, or does it already exist? (I checked out the
documentation but didn't see anything there.)

Best regards
 Michael Boman

-- 
Michael Boman
Security Architect, SecureCiRT Pte Ltd
http://www.securecirt.com
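
The layout requested above, as an added sketch in Python; it is not part of the original message and not syslog-ng code. It assumes the relay is the peer address of the socket the collector received the line from. The function names, relay names and sample lines are constructed, and path components are sanitized because the HOST field is sender-controlled.

```python
import re
from datetime import date

# syslog facility names indexed by facility code (PRI >> 3)
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5",
              "local6", "local7"]

# BSD-syslog line: <PRI>Mmm dd hh:mm:ss HOST MSG
LINE = re.compile(r"<(\d{1,3})>\w{3} [ \d]\d \d\d:\d\d:\d\d (\S+) (.*)", re.S)

def safe(component):
    """Make an untrusted value usable as exactly one path component."""
    cleaned = re.sub(r"[^A-Za-z0-9._-]", "_", component).lstrip(".")
    return cleaned or "unknown"

def log_path(peer, line, received, root="/LOGS"):
    """Build /LOGS/<relay>/<host>/<year>/<month>/<day>/<facility>_<y>_<m>_<d>.

    peer is the address the collector received the line from: the relay,
    or the originating host itself when it connects directly.
    """
    m = LINE.match(line)
    if not m:
        raise ValueError("not a BSD-syslog line")
    pri, host = int(m.group(1)), m.group(2)
    code = pri >> 3
    facility = FACILITIES[code] if code < len(FACILITIES) else "unknown"
    y, mo, d = f"{received:%Y}", f"{received:%m}", f"{received:%d}"
    return "/".join([root, safe(peer), safe(host), y, mo, d,
                     f"{facility}_{y}_{mo}_{d}"])

# Constructed sample: the same HOST value arriving through two relays.
SAMPLES = [
    ("relay-a.example", "<13>Jun 20 18:57:35 192.168.51.4 db: checkpoint done"),
    ("relay-b.example", "<13>Jun 20 18:57:35 192.168.51.4 httpd: GET /index.html"),
]

if __name__ == "__main__":
    for peer, line in SAMPLES:
        print(log_path(peer, line, date(2003, 6, 20)))
```
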
