[syslog-ng] Sort/filter logs on source IP address

Aaron Jackson syslog-ng@lists.balabit.hu
Wed, 15 Oct 2003 14:36:04 -0400


This is easy.  Just use the $HOST macro i.e.

destination d_log { file("/var/log/all/$HOST/$DATE/$FACILITY"); };

Make sure none of the hosts are in your /etc/hosts file or in DNS.

Wayne Sweatt wrote:

>I've asked this question before in a slightly different manner (Can I run
>multiple instances of Syslog-NG - One for Mac OS X, one for other UNIX...),
>but still have not a satisfactory answer to that one, so... I'd thought I'd
>ask a similar question and hope for a more definitive answer:
>
>Is there a way to filter or regexp match an incoming UDP log by IP Address
>so that logging clients from certain networks go to certain log
>directories/destinations ?
>For example, I want to log everything from 128.128.1.0 in /var/log/NetworkA,
>and log everything from 128.128.2.0 in /var/log/NetworkB/.
>I know host() will operate on hostname, but I don't want to have to maintain
>a list of hosts to match against - I want it to be dynamic, so when a new
>client is added, it can log automatically to the appropriate directory.
>Syslog-ng has the source IP with each log, so this shouldn't be a problem,
>right?
>
>I am using the latest version of syslog-ng, and UDP as the protocol.
>Reminder: I do not want to know about TCP Wrappers, I don't want to block
>IPs, just direct logs from certain IP subnets to certain
>directories/file-systems.
>
> Wayne Sweatt
> Sr. UNIX System Administrator
> Comforce Technical Services
> LANL SCC Team
>
>
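
An added example, not part of the thread or written by either poster: a syslog-ng configuration for the per-subnet routing asked about above, combining the netmask() filter on the sender address with the $HOST macro from the reply. The /24 masks, the object names (s_udp, f_net_a, d_net_a and so on), port 514 and the /var/log/unmatched catch-all are assumptions.

```conf
# Added example: object names, /24 masks and the catch-all path are assumptions.
options {
    use_dns(no);          # never resolve senders, so $HOST stays the source IP
    keep_hostname(no);    # ignore the hostname claimed inside the message
    chain_hostnames(no);  # keep $HOST a single plain value
    create_dirs(yes);     # create per-host directories on first message
};

source s_udp { udp(ip(0.0.0.0) port(514)); };

# Match on the address the datagram was received from, not on message content.
filter f_net_a { netmask("128.128.1.0/255.255.255.0"); };
filter f_net_b { netmask("128.128.2.0/255.255.255.0"); };

destination d_net_a { file("/var/log/NetworkA/$HOST/$FACILITY"); };
destination d_net_b { file("/var/log/NetworkB/$HOST/$FACILITY"); };
destination d_other { file("/var/log/unmatched/$HOST/$FACILITY"); };

# flags(final) stops processing once a subnet matches, so only senders
# outside both networks reach the catch-all statement.
log { source(s_udp); filter(f_net_a); destination(d_net_a); flags(final); };
log { source(s_udp); filter(f_net_b); destination(d_net_b); flags(final); };
log { source(s_udp); destination(d_other); };
```

With keep_hostname(no) the path component comes from the receiving socket rather than from text the sender controls, so a crafted hostname field cannot steer the file path. UDP source addresses can still be forged, so the per-subnet directories organise logs but do not authenticate the sender.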