[syslog-ng] (no subject)

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Thu Jul 19 23:10:17 CEST 2007


On Thu, 19 Jul 2007 22:52:46 +0200, Balazs Scheidler said:
> On Thu, 2007-07-19 at 21:54 +0300, Ahmad Al-Dosari wrote:
> > Hi All,
> > 
> > Can someone tell me how to log from different hosts to a single file?
> > 
> > I have several firewalls/routers/CSS and would like to have a single
> > file for firewall logs and another for router logs and the same for
> > CSS. All of the devices' logs are sent using UDP port 514.
> > 
> > I use syslog-ng 2.0.4 and currently all logs are sent to a single
> > file.
> 
> Lots of options, the easiest is using $HOST in the destination file
> name.

I think he wants this:

Logs from cisco1, cisco2, cisco3 all go in /var/log/routers

Logs from fw-1, fw-2, some-other-firewall go in /var/log/firewalls

and so on.  If he has a naming convention for his network gear, he *might*
be able to do what he wants based on a regexp that *matches* the source hostname.

# host() takes a regular expression that is matched against the hostname
filter f_filter { host("^cisco"); };

and then use *that* to filter into /var/log/routers, or something like that
(I'm late for the door already, somebody else can fix the syntax...)
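
The approach sketched above, written out as a complete syslog-ng 2.0 configuration fragment. This is an added example, not part of the original message; the CSS naming convention, the /var/log/css and /var/log/unmatched paths, and the assumption that the devices' addresses resolve in DNS to the names used in the thread are all illustrative.

```conf
# Added example for syslog-ng 2.0.x; not from the original thread.
options {
    keep_hostname(no);   # do not trust the hostname written inside the UDP packet
    use_dns(yes);        # assumption: sender addresses resolve to cisco1, fw-1, ...
    dns_cache(yes);
};

source s_net { udp(ip(0.0.0.0) port(514)); };

# host() takes a regular expression matched against $HOST.
# No trailing "$", so a resolved FQDN such as cisco1.example.net still matches.
filter f_routers   { host("^cisco[0-9]+"); };
filter f_firewalls { host("^fw-[0-9]+") or host("^some-other-firewall"); };
filter f_css       { host("^css"); };                      # hypothetical naming convention

destination d_routers   { file("/var/log/routers"); };
destination d_firewalls { file("/var/log/firewalls"); };
destination d_css       { file("/var/log/css"); };         # assumed path
destination d_unmatched { file("/var/log/unmatched"); };   # assumed path

# flags(final) stops processing once a message has matched its device class.
log { source(s_net); filter(f_routers);   destination(d_routers);   flags(final); };
log { source(s_net); filter(f_firewalls); destination(d_firewalls); flags(final); };
log { source(s_net); filter(f_css);       destination(d_css);       flags(final); };

# Anything that matched none of the filters above lands here, so a device
# that breaks the naming convention shows up instead of vanishing.
log { source(s_net); destination(d_unmatched); flags(fallback); };
```

With keep_hostname(yes) the value in $HOST comes from the packet itself, which any sender on UDP 514 can set, so name-based filters would sort messages by an unauthenticated field. Where DNS on the log host is not dependable, netmask() filters on the sender address are the alternative to host().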