[syslog-ng] logging several to one facility - parsing

Ken Garland ken.garland at rotech.com
Fri Aug 19 18:07:23 CEST 2005 

Yes, this is possible. I was using a similar setup before and even had 
$HOST.$FACILITY where I would receive logs such as 'host1.auth' etc. 
Though I must say I learned that logging like this is more headache than 
it is worth and unless you have a specific purpose for doing this I 
would recommend staying with one log file, then just grep through it fo 
what you need or feed it into some type of tool for parsing. Once you 
separate the log files like this most data gathering programs will not 
interact with them. But if you just want clean little logs of various 
systems to look through once in a while then go for it. ;)

- Ken

Terry wrote:

> Excellent.  As long as I know something like that is possible.  I can 
> figure out the rest.  Thank you.
>
> On 8/19/05, *Paul Krizak* < paul.krizak at amd.com 
> <mailto:paul.krizak at amd.com>> wrote:
>
>     You could set up filters that each uniquely match the router you
>     want to
>     monitor, then have different log destinations for each of them.
>
>     Or, assuming that your routers send along a hostname that is also a
>     valid filename, you can do something like this:
>
>     destination router_logs {
>             file(
>                     "/var/log/routers/$HOST-router.log"
>                     create_dirs(yes)
>             );
>     };
>
>
>
>     Paul Krizak                         5900 E. Ben White Blvd. MS 625
>     Advanced Micro Devices              Austin, Tx  78741
>     CAD Systems Engineering
>     Paul.Krizak at amd.com <mailto:Paul.Krizak at amd.com>
>
>
>     Terry wrote:
>     > Hello,
>     >
>     > I have several routers that I want to receive logs for.  Can I
>     send all
>     > the logs from these to a single facility and have syslog-ng
>     parse and
>     > write them to different log files based on a ruleset such as ip
>     address,
>     > type of log, etc. ?
>     >
>     > Thanks!
>     >
>     >
>     >
>     ------------------------------------------------------------------------
>     >
>     > _______________________________________________
>     > syslog-ng maillist  -   syslog-ng at lists.balabit.hu
>     <mailto:syslog-ng at lists.balabit.hu>
>     > https://lists.balabit.hu/mailman/listinfo/syslog-ng
>     > Frequently asked questions at
>     http://www.campin.net/syslog-ng/faq.html
>     >
>
>     _______________________________________________
>     syslog-ng maillist  -  syslog-ng at lists.balabit.hu
>     <mailto:syslog-ng at lists.balabit.hu>
>     https://lists.balabit.hu/mailman/listinfo/syslog-ng
>     Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
>
>
>------------------------------------------------------------------------
>
>_______________________________________________
>syslog-ng maillist  -  syslog-ng at lists.balabit.hu
>https://lists.balabit.hu/mailman/listinfo/syslog-ng
>Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
>
>  
>

More information about the syslog-ng mailing list