[syslog-ng]splitting logs on central log host?
Jeffrey Forman
syslog-ng@lists.balabit.hu
Sat, 14 Feb 2004 08:45:28 -0600
I have just set up syslog-ng to log about 15 machines to a central log
host, and I absolutely love it, but I have a question. Right now I'm
splitting the logs like this on the loghost:

destination hosts {
    file("/mnt/backups/logs/$HOST/$YEAR/$MONTH/$FACILITY$YEAR$MONTH"
         owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes));
};

But that only splits the logs via facility. There are more logs being
written on the client log machines, which are configured like this:

destination messages { file("/var/log/messages"); };
destination ssh { file("/var/log/ssh.log"); };
destination cron { file("/var/log/cron.log"); };
destination auth { file("/var/log/auth.log"); };
destination syslog { file("/var/log/syslog.log"); };
destination xinetd { file("/var/log/xinetd.log"); };
destination rsync { file("/var/log/rsync.log"); };
destination cfengine { file("/var/log/cfengine.log"); };

filter f_ssh { program("sshd"); };
filter f_cron { program("cron"); };
filter f_auth { program("su") or program("sudo"); };
filter f_syslog { program("syslog-ng"); };
filter f_xinetd { program("xinetd"); };
filter f_rsync { program("rsyncd"); };
filter f_cfengine { program("cfengine"); };
filter f_messages { ...}; // with messages getting everything else

log { source(src); filter(f_ssh); destination(ssh); };
log { source(src); filter(f_cron); destination(cron); };
log { source(src); filter(f_auth); destination(auth); };
log { source(src); filter(f_syslog); destination(syslog); };
log { source(src); filter(f_xinetd); destination(xinetd); };
log { source(src); filter(f_rsync); destination(rsync); };
log { source(src); filter(f_cfengine); destination(cfengine); };
log { source(src); filter(f_messages); destination(messages); };

What I would like to do is log the files as they are being logged
locally on the client machines, the same way on the loghost. Do I have
to change the destination? How do I get the same file names, etc., that
are being logged, but on the loghost? Any help is greatly appreciated.

-Jeffrey
--
--------------------------
Jeffrey Forman
Gentoo Infrastructure Team
jforman@gentoo.org
--------------------------
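
One way to get the clients' per-program file names on the loghost, as an added example that is not part of the original message: reuse the client filters on the loghost and point each one at a destination under the existing $HOST/$YEAR/$MONTH tree. The source name s_net, the d_* destination names and the UDP listener are assumptions.

```conf
# Added example for the central loghost, not from the original message.
# Assumed names: s_net, d_ssh, d_auth, d_messages; the UDP listener is assumed too.
source s_net { udp(); };

# Same filters as on the clients.
filter f_ssh  { program("sshd"); };
filter f_auth { program("su") or program("sudo"); };

# Client file names, placed under the existing per-host directory tree.
destination d_ssh {
    file("/mnt/backups/logs/$HOST/$YEAR/$MONTH/ssh.log"
         owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes));
};
destination d_auth {
    file("/mnt/backups/logs/$HOST/$YEAR/$MONTH/auth.log"
         owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes));
};
destination d_messages {
    file("/mnt/backups/logs/$HOST/$YEAR/$MONTH/messages"
         owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes));
};

log { source(s_net); filter(f_ssh);  destination(d_ssh); };
log { source(s_net); filter(f_auth); destination(d_auth); };
# cron, syslog-ng, xinetd, rsyncd and cfengine each get a
# filter/destination/log triple written the same way.

# fallback: receives only messages that no other log statement matched,
# which gives "messages" everything else.
log { source(s_net); destination(d_messages); flags(fallback); };
```

The file names are fixed strings rather than the $PROGRAM macro because the program field is chosen by the sending machine and would otherwise become part of a path on the loghost.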