[syslog-ng] grouping of sources
Joe Shaw
joe at joeshaw.org
Sat Feb 7 00:12:34 CET 2009
Hi,
Is there a way to create a "group" of sources for log rules? This
would be quite helpful when using the new include functionality for
configuration files.
To give you an idea of my setup: I have two files. One is a site
config, which will be the same for every host. It contains global
configuration and well-known destinations. The other file differs
per-host, with different sources. I would like to be able to set up
log rules for routing messages from those disparate sources to the
well-known destinations inside the site config, but there doesn't seem
to be any way to do it. Here's a pseudo-example.
Site config:
options { ... };
destination d_whatever { ... };
Host 1 config:
source s_one { ... };
log { source(s_one); destination(d_whatever); };
Host 2 config:
source s_two_alpha { ... };
source s_two_beta { ... };
log { source(s_two_alpha); source(s_two_beta); destination(d_whatever); };
Ideally, I'd be able to do something like this:
Site config:
options { ... };
destination d_whatever { ... };
log { source(s_aggregate); destination(d_whatever); };
Host 1 config:
source s_one { ... };
source s_aggregate { source(s_one); };
Host 2 config:
source s_two_alpha { ... };
source s_two_beta { ... };
source s_aggregate { source(s_two_alpha); source(s_two_beta); };
This setup maintains a nice, clean abstraction of the logging rules
away from the source data. Is there any way to do something like
this?
Thanks,
Joe
More information about the syslog-ng
mailing list