[syslog-ng] Eventlog to syslog

Philip Webster syslog-ng@lists.balabit.hu
Mon, 10 May 2004 09:30:35 +1000


Tom,

Edwards, Thomas wrote:
> Has anyone ever used the Eventlog to syslog program found here.
> 
> https://engineering.purdue.edu/ECN/Resources/Documents/UNIX/evtsys

I'm using this as the preferred choice for receiving logs from Windows boxen.

> I was trying to decipher their input as to how to word the filters and
> am coming up short other than putting a direct match for the host name I
> am using.
> 
> Any help would be greatly appreciated.

I don't use a filter, but use a destination along the lines of ...

     file("/path/to/logs/$HOST/$YEAR-$MONTH-$DAY"
     template("$FULLDATE $FULLHOST $FACILITY.$PRIORITY $MSG\n")
     owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes));

... which means that logs for each host go into a separate directory, and that 
they are 'rotated' on a daily basis.  This may not suit your needs, but works 
well for me.

Cheers
Phil
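
Added example, not part of the original post: a complete syslog-ng log path that pairs the per-host destination above with the kind of host-name filter the question asks about. The names s_net, f_winhost and d_per_host, the host name winbox01 and the UDP listener on port 514 are assumptions for illustration.

```conf
options {
    # $HOST becomes a directory name below, so take it from the sender's
    # address rather than from the hostname field inside the message.
    keep_hostname(no);
    use_dns(no);            # assumption: no name resolution, $HOST is the sender IP
};

# Assumed listener for the Windows boxes forwarding via evtsys.
source s_net { udp(ip("0.0.0.0") port(514)); };

# Optional filter: host() takes a regular expression matched against $HOST.
# "winbox01" is a placeholder; with use_dns(no) put the sender's IP here instead.
filter f_winhost { host("^winbox01$"); };

# The destination from the post, wrapped in a named block.
destination d_per_host {
    file("/path/to/logs/$HOST/$YEAR-$MONTH-$DAY"
         template("$FULLDATE $FULLHOST $FACILITY.$PRIORITY $MSG\n")
         owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes));
};

# With the filter: only the matching host reaches the destination.
log { source(s_net); filter(f_winhost); destination(d_per_host); };

# Without a filter, as in the post: every sender gets its own directory.
# log { source(s_net); destination(d_per_host); };
```

Because create_dirs(yes) makes a directory for every distinct $HOST value, leaving keep_hostname at no keeps the directory names tied to the sending address instead of to text supplied in the message.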