[syslog-ng]syslog-ng 1.6.1

Coward, Robert (Contractor) syslog-ng@lists.balabit.hu
Thu, 22 Apr 2004 13:15:10 -0400


Glenn,
What you need is a filter, I think. Heres how:

source src { unix-stream ("/dev/log"); internal (); };
destination network_logs { file("/var/log/network.log"); };
filter f_network_logs { facility(local1) and level(info); };


Now do the logging:
log { source(src); destination(network_logs); filter(f_network_logs); };

I think that should work for the first one.

For the second one i think you will need to set a filter like the first but
set the destination like so:

destination syslog@10.100.40.1 { tcp("10.100.40.1" port(514)); };

I think thats about it.

---
22 April 2004
"Allow the President to invade a neighboring nation whenever he shall deem
it necessary to repel an invasion and you allow him to do so whenever he
may choose to say he deems it necessary for such purpose, and you allow him
to make war at pleasure.... If today he should choose to say he thinks it
necessary to invade Canada to prevent the British from invading us, how
could you stop him? You may say to him, "I see no probability of the
British invading us," but he will say to you, "Be silent; I see it, if you
don't." (Abrham Lincoln, 1809-1865)
---
Robert V. Coward
UNIX System Administrator
Computer Science Corporation