[syslog-ng]Help with sorting by host

phusion syslog-ng@lists.balabit.hu
Mon, 5 Jul 2004 10:20:36 -0700 (PDT)


Hi, I can't figure out why the following won't work.
My server config file is at the bottom. I'm trying to
get it to log service logs locally on the server to
the directory /var/log/ (multiple files) like normal,
and also to the directory
/storage/logs/$YEAR/$MONTH/$DAY/$HOST/ (multiple
files), so all the service logs for each host will go
into that specific host directory like host1 or host2.
Also, named and sshd log messages to syslog-ng. I'm
not sure what the problem is. Let me know what you
think. Thanks.

# CONFIG FILE
# Options
#
options { long_hostnames(off); sync(0); };

# Sources
#
source local { unix-dgram("/var/run/log"); internal(); file("/dev/klog"); };
source network { tcp(port(514) max-connections(10) keep-alive(yes)); };

# Destinations
# 
destination localhost { file("/var/log/all.log"); };
destination hosts {
	file("/storage/logs/$YEAR/$MONTH/$DAY/$HOST"
		owner(root) group(wheel) perm(0600) dir_perm(0700) create_dirs(yes));
};

# Filters
#
filter d_named { match("named[\[0-9]+\]"); };
filter d_sshd { match("sshd[\[0-9]+\]")
		and match("Server listening") or match("Connection from")
		or match("(Accepted|Failed) password")
		or match("Connection closed")
		or match("Closing connection"); };
filter h_host1 { host("host1"); };
filter h_host2 { host("host2"); };

# Logs
#
log { source(local); destination(localhost); };
log { source(local); filter(h_host1); filter(d_named); filter(d_sshd); destination(hosts); };
log { source(remote); filter(h_host2); filter(d_sshd); destination(hosts); };



		
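One way to write the layout the post describes, as an added example that is not part of the original post or of syslog-ng's own sample configuration. It assumes the same syslog-ng 1.x syntax the post uses; the names s_local, s_net, d_all, d_hosts and f_*, and the $PROGRAM.log file name, are illustrative choices.

```conf
# Added example; all object names below are illustrative.
options { long_hostnames(off); sync(0); };

source s_local { unix-dgram("/var/run/log"); internal(); file("/dev/klog"); };
source s_net   { tcp(port(514) max-connections(10) keep-alive(yes)); };

# Everything from this machine in one local file, as in the post.
destination d_all { file("/var/log/all.log"); };

# $HOST is a directory component here, with one file per program inside it,
# so each host gets its own directory holding multiple files.
destination d_hosts {
	file("/storage/logs/$YEAR/$MONTH/$DAY/$HOST/$PROGRAM.log"
		owner(root) group(wheel) perm(0600) dir_perm(0700) create_dirs(yes));
};

# program() tests the program name field directly.
filter f_named { program("named"); };

# Parentheses make the grouping explicit: the message must come from sshd
# AND contain one of the listed phrases.
filter f_sshd {
	program("sshd") and (
		match("Server listening")
		or match("Connection from")
		or match("(Accepted|Failed) password")
		or match("Connection closed")
		or match("Closing connection")
	);
};

# Several filter() entries in one log statement must ALL match, so
# "named or sshd" is expressed as a single combined filter.
filter f_services { filter(f_named) or filter(f_sshd); };

log { source(s_local); destination(d_all); };

# Every source() named in a log statement has to be defined above.
# The $HOST macro in the path does the per-host sorting, so no
# host() filter per machine is needed.
log { source(s_local); source(s_net); filter(f_services); destination(d_hosts); };
```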