[syslog-ng] individual files

Ryan Eldridge ryan.eldridge at gmail.com
Mon Aug 11 02:42:20 CEST 2008


Hello all.

After playing around with syslog-ng all afternoon, needless to say I'm a
little confused and frustrated. I have managed to get it running on most of
my Linux boxes and to accept data from a couple of them still running
syslog, which is what I want. The issue I'm facing is that the config file I
found thanks to the wonders of Google is splitting the information based on
host, but not into separate files like I'm used to with syslog, aka cron,
messages, syslog, etc. The output I'm looking for is the following:

ls -shl /var/log/HOSTS/peter.domain.com/2008/08
4.0K -rw------- 1 root root  866 2008-08-10 20:46 auth.log
   0 -rw-r--r-- 1 root root    0 2008-08-10 17:22 cron.log
   0 -rw-r--r-- 1 root root    0 2008-08-10 17:22 daemon.log
4.0K -rw------- 1 root root 2.8K 2008-08-10 18:26 debug
8.0K -rw-r--r-- 1 root root 6.6K 2008-08-10 14:36 dmesg
   0 -rw-r----- 1 root root    0 2002-04-06 19:13 maillog
 12K -rw------- 1 root root 8.2K 2008-08-10 20:05 messages
   0 -rw-r--r-- 1 root root    0 2008-08-10 18:22 ntpd
   0 -rw-r----- 1 root root    0 1994-05-09 03:06 secure
   0 -rw-r----- 1 root root    0 2002-03-09 00:29 spooler
 12K -rw------- 1 root root 8.6K 2008-08-10 20:05 syslog

Currently I'm getting the following:
ls -shl /var/log/HOSTS/peter.domain.com/2008/08
12K -rw------- 1 root root 11K 2008-08-10 21:31 10
which contains all the results. I'll post the file I'm using below; any help
would be useful.


###############################################################
# First, set some global options.

options {
use_fqdn(yes);
use_dns(yes);
dns_cache(yes);
keep_hostname(yes);
long_hostnames(off);
sync(1);
log_fifo_size(1024);
};

###############################################################
#
# Logs may come from unix stream, and UDP:514
#
source src {
pipe("/proc/kmsg");
unix-stream("/dev/log");
internal();
udp(ip("192.168.2.3") port(514));
tcp(ip("192.168.2.3") port(514) keep-alive(yes));
};

###############################################################
# First some standard logfile
#

destination authlog { file("/var/log/auth.log"); };
destination syslog { file("/var/log/syslog"); };
destination cron { file("/var/log/cron.log"); };
destination daemon { file("/var/log/daemon.log"); };
destination user { file("/var/log/user.log"); };
#destination debug { file("/var/log/debug"); };
destination messages { file("/var/log/messages"); };

##########################################
# Here's the filter options. With this rules, we can set which
# message go where.

filter f_authpriv { facility(auth, authpriv); };
filter f_syslog { not facility(auth, authpriv) and not facility(mail); };
filter f_cron { facility(cron); };
filter f_daemon { facility(daemon); };
filter f_kern { facility(kern); };
#filter f_mail { facility(mail); };
filter f_user { facility(user); };
#filter f_news { facility(news); };
#filter f_debug { not facility(auth, authpriv, news, mail); };
filter f_messages { level(info .. warn)
       and not facility(auth, authpriv, cron, daemon, mail, news); };
filter f_emergency { level(emerg); };
filter f_info { level(info); };
filter f_notice { level(notice); };
filter f_warn { level(warn); };
filter f_crit { level(crit); };
filter f_err { level(err); };

###############################################################
#
# log statements actually send logs somewhere, to a file, across the
# network, etc.
#

log { source(src); filter(f_authpriv); destination(authlog); };
# The per-host destination std (defined below) is meant to split messages by
# facility on its own, and the catch-all log statement at the end already
# sends every message there. Repeating the filtered statements against std
# writes those messages a second time into the same file (f_daemon was even
# listed twice), so they are left commented out.
#log { source(src); filter(f_authpriv); destination(std); };
#log { source(src); filter(f_syslog); destination(std); };
#log { source(src); filter(f_cron); destination(std); };
#log { source(src); filter(f_daemon); destination(std); };
#log { source(src); filter(f_kern); destination(std); };
#log { source(src); filter(f_user); destination(std); };
#log { source(src); filter(f_debug); destination(std); };
#log { source(src); filter(f_messages); destination(std); };

## set up logging to loghost
#destination loghost {
# tcp("10.0.0.1" port(514));
#};

# send everything to loghost, too
#log {
# source(src);
# destination(loghost);
#};

#
# automatic host sorting (usually used on a loghost)
#
# set it up
# Macro names must be written in braces when an underscore follows them:
# $FACILITY_ is parsed as one macro named "FACILITY_", which does not exist
# and expands to nothing, and the same happens to $HOST_, $YEAR_ and
# $MONTH_. Only $DAY survives, which is why everything landed in a single
# file called "10". For one file per facility named like the listing above
# (auth.log, cron.log, ...) use "${FACILITY}.log" as the last path element
# instead of the per-day name used here.
destination std {
file("/var/log/HOSTS/${HOST}/${YEAR}/${MONTH}/${FACILITY}_${HOST}_${YEAR}_${MONTH}_${DAY}"
owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)
);
};

# log it
log {
source(src);
destination(std);
};
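The single file named "10" is explained by how syslog-ng reads macro names in a template: after a `$`, the name runs over letters, digits and underscores, so `$FACILITY_` is taken as one macro called `FACILITY_`. The short script below is an added example, not part of the original post or of syslog-ng itself; it models that parsing rule (unknown names expanding to an empty string, which is the behaviour consistent with the output shown above), expands the poster's template beside a braced version and a per-facility variant, and lists the macro names a template references so unknown ones can be caught before the config is deployed. The macro values are constructed for one hypothetical message from peter.domain.com.

```python
import re

# Constructed values standing in for what syslog-ng would substitute for one
# auth-facility message from peter.domain.com on 2008-08-10 (hypothetical).
SAMPLE_MACROS = {
    "HOST": "peter.domain.com",
    "FACILITY": "auth",
    "YEAR": "2008",
    "MONTH": "08",
    "DAY": "10",
}

# A macro is ${NAME} or $NAME; NAME is a greedy run of [A-Za-z0-9_]. The
# greediness is what swallows the underscore meant as a literal separator.
MACRO_RE = re.compile(r"\$(?:\{([A-Za-z0-9_]+)\}|([A-Za-z0-9_]+))")

# The template from the original post, a braced fix that keeps its layout, and
# a per-facility variant matching the directory listing the poster wants.
BROKEN = "/var/log/HOSTS/$HOST/$YEAR/$MONTH/$FACILITY_$HOST_$YEAR_$MONTH_$DAY"
FIXED = ("/var/log/HOSTS/${HOST}/${YEAR}/${MONTH}/"
         "${FACILITY}_${HOST}_${YEAR}_${MONTH}_${DAY}")
PER_FACILITY = "/var/log/HOSTS/${HOST}/${YEAR}/${MONTH}/${FACILITY}.log"


def macro_names(template):
    """Return the macro names a template references, in order of appearance."""
    return [m.group(1) or m.group(2) for m in MACRO_RE.finditer(template)]


def unknown_macros(template, known):
    """Names referenced by the template that the given macro set cannot supply."""
    return [name for name in macro_names(template) if name not in known]


def expand(template, macros):
    """Expand macros the way modelled here: known names are substituted,
    unknown names expand to the empty string (consistent with the single
    file called "10" the poster observed)."""
    def substitute(match):
        name = match.group(1) or match.group(2)
        return macros.get(name, "")
    return MACRO_RE.sub(substitute, template)


def lint_template(template, known):
    """True when every macro in the template is a known one; use this as a
    pre-deployment check on file() templates."""
    return not unknown_macros(template, known)


if __name__ == "__main__":
    for label, tmpl in (("broken", BROKEN), ("fixed", FIXED),
                        ("per-facility", PER_FACILITY)):
        print(f"{label:13s} macros : {macro_names(tmpl)}")
        print(f"{label:13s} unknown: {unknown_macros(tmpl, SAMPLE_MACROS)}")
        print(f"{label:13s} path   : {expand(tmpl, SAMPLE_MACROS)}")
```

Running it shows the broken template referencing `FACILITY_`, `HOST_`, `YEAR_` and `MONTH_` and collapsing to `/var/log/HOSTS/peter.domain.com/2008/08/10`, while the braced versions produce the intended per-facility names. The `lint_template` check is the useful part to keep: run it over every `file()` template against the macro names your syslog-ng version documents, so a typo of this kind fails before it silently merges every facility into one file.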