[syslog-ng] filter on src ip address.

Tue Oct 28 22:18:51 CET 2008

Hi Leo,

Thanks for your quick reply.. Im looking at it, but it does not seem to make much sense to me..

Am I correct to assume that destination is a sort of container for what goes where?

I extracted this from my Debian syslog-ng install

source s_all {
        # message generated by Syslog-NG
        internal();
        # standard Linux log source (this is the default place for the syslog()
        # function to send logs to)
        unix-stream("/dev/log");
        # messages from the kernel
        file("/proc/kmsg" log_prefix("kernel: "));
        # use the following line if you want to receive remote UDP logging messages
        # (this is equivalent to the "-r" syslogd flag)
        # udp();
};

######
# destinations

# some standard log files
destination df_auth { file("/var/log/auth.log"); };

# auth,authpriv.*                 /var/log/auth.log
log {
        source(s_all);
        filter(f_auth);
        destination(df_auth);
};

So, I could do something like:

Source MyAppliance {
        udp(<src IP>)
};

Destination MyAppliance_log { file("/var/log/MyAppliance"); };

Log {

        Source(MyAppliance);
        Destination(MyAppliance_log);

};

Does that make sense?

Now the next question is, can I have the syslog-ng accept everyting, but "auto" generate a new file for each different source addresses?

Cheers

Esben

> -----Oprindelig meddelelse-----
> Fra: Leonard Mills [mailto:lenm at ops.corpnet.sel.sony.com]
> Sendt: 28. oktober 2008 21:53
> Til: Esben Laursen
> Emne: Re: [syslog-ng] filter on src ip address.
>
> You should probably start with:
>
>   man  syslog-ng.conf
>
> Pay particular attention to the section "DESTINATIONS"
> What you want to do is _very_ easy with NG.
>
> Len
>
> On Tue, 28 Oct 2008, Esben Laursen wrote:
>
> > Hi Guys,
> >
> > I've been looking at syslog-ng's website, but cannot seem to find the
> correct info.
> >
> > I need to have a syslog server that gather logs from different
> appliances devices. Currently I just a regular syslogd, the problem is
> that I need to have every appliance in a different file, and that does
> syslogd not support.
> >
> > I've looked at the webpage for it appear that syslog-ng support this, I
> look at the feature list, it says something like this:
> >
> > Filtering for sending IP address, check for syslog-ng.
> >
> > However I have no idea how to configure it or if I misunderstood the
> meaning of the feature list.
> >
> > Could someone please point me in the correct direction?
> >
> > Cheers
> >
> > Esben
> >
> >
> __________________________________________________________________________
> ____
> > Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> > Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> > FAQ: http://www.campin.net/syslog-ng/faq.html
> >
> >
> >
>