[syslog-ng] grouping of sources
Balazs Scheidler
bazsi at balabit.hu
Sun Feb 8 16:08:26 CET 2009
On Fri, 2009-02-06 at 18:12 -0500, Joe Shaw wrote:
> Hi,
>
> Is there a way to create a "group" of sources for log rules? This
> would be quite helpful when using the new include functionality for
> configuration files.
>
> To give you an idea of my setup: I have two files. One is a site
> config, which will be the same for every host. It contains global
> configuration and well-known destinations. The other file differs
> per-host, with different sources. I would like to be able to set up
> log rules for routing messages from those disparate sources to the
> well-known destinations inside the site config, but there doesn't seem
> to be any way to do it. Here's a pseudo-example.
>
> Site config:
> options { ... };
>
> destination d_whatever { ... };
>
> Host 1 config:
> source s_one { ... };
>
> log { source(s_one); destination(d_whatever); };
>
> Host 2 config:
> source s_two_alpha { ... };
> source s_two_beta { ... };
>
> log { source(s_two_alpha); source(s_two_beta); destination(d_whatever); };
>
> Ideally, I'd be able to do something like this:
>
> Site config:
> options { ... };
>
> destination d_whatever { ... };
>
> log { source(s_aggregate); destination(d_whatever); };
>
> Host 1 config:
> source s_one { ... };
>
> source s_aggregate { source(s_one); };
>
> Host 2 config:
> source s_two_alpha { ... };
> source s_two_beta { ... };
>
> source s_aggregate { source(s_two_alpha); source(s_two_beta); };
>
> This setup maintains a nice, clean abstraction of the logging rules
> away from the source data. Is there any way to do something like
> this?
Interesting idea. The only similar functionality what we have right now
is the use of 'catch-all' flag. A catch-all log rule behaves as if _all_
sources would be specified. This is much less flexible what you have
described though.
Is this enough for you?
--
Bazsi
More information about the syslog-ng
mailing list