[syslog-ng] can two destinations refer to the same file?
Jason Haar
Jason.Haar at trimble.co.nz
Sat Oct 24 22:14:23 CEST 2009
Hi there
I'm wanting to configure syslog-ng so that I have two different filters
that are associated with two different destinations - which have the
same filename - but different templates. The issue I have is that we
have a range of syslog clients, which may or may not have trustworthy
clocks. So I default to ignoring their timestamps and use the syslog
servers clock, except for the hosts I know to also use NTP. What I want
to confirm is that syslog-ng will happily open /var/log/messages ONCE
and will parse the following the way I intend?
ie
#clocks on unix systems (which are named 'blah-unix-number') are always
configured correctly
filter f_goodclock { host("-unix-")
};
#can't trust everything else
filter f_badclock { not host("-unix-")
};
destination d_badclock_messages {
file("/var/log/messages"
template("$R_ISODATE $HOST $FACILITY $PRIORITY $MSG\n")
};
destination d_goodclock_messages {
file("/var/log/messages"
template("$S_ISODATE $HOST $FACILITY $PRIORITY $MSG\n")
};
log { ... filter(f_badclock); destination(d_badclock_messages);};
log { ... filter(f_goodclock); destination(d_goodclock_messages);};
Should that work as I hope?
Thanks!
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
More information about the syslog-ng
mailing list