[syslog-ng] Having hostname and sender's IP address in header
Matthew Hall
mhall at mhcomputing.net
Tue Oct 26 04:05:18 CEST 2010
Michael,
Let's say for the sake of discussion all syslogs arrive from here:
> source s_general {
> tcp(ip(10.153.29.235) port (514) max-connections(1000) );
> };
Now you could do this:
> source s_general {
> tcp(ip(10.153.29.235) port (514) max-connections(1000) );
> };
source s_loopback_local {
    udp(ip(127.0.0.1) port(5140));
    # set properties to preserve hostnames
};
source s_loopback_tripwire {
    udp(ip(127.0.0.1) port(5141));
    # set properties to preserve IP addresses
};
destination d_loopback_local {
    udp("127.0.0.1" port(5140));
    # set appropriate template
};
destination d_loopback_tripwire {
    udp("127.0.0.1" port(5141));
    # set appropriate template
};
log {
    source(s_general);
    destination(d_loopback_local);
    destination(d_loopback_tripwire);
    flags(final);
};
log {
    source(s_loopback_local);
    destination(***local storage log files***);
};
log {
    source(s_loopback_tripwire);
    destination(***remote relay to tripwire using d_tripwire_udp***);
};
> destination d_tripwire_udp {
> udp("10.153.29.249" port (514));
> };
Is this description more clear?
Cheers,
Matthew.
On Mon, Oct 25, 2010 at 07:57:08PM -0400, Worsham, Michael wrote:
> Umm... what? Totally lost me there.
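The loopback layout from the message above with its placeholder comments filled in, as an added example that is not part of the original post: the keep_hostname(yes) settings and the templates are one assumed way to carry the hostname on one path and the sender's IP address on the other, and d_local_files with its file path is a hypothetical name. It is a fragment for an existing syslog-ng 3.x configuration and assumes the 3.x macro names.

```conf
# Added example. Option values, templates and d_local_files are assumptions.

# Hop 1: receive from the network. keep_hostname(yes) keeps the hostname the
# sender wrote into the message; $SOURCEIP is the real peer address here.
source s_general {
    tcp(ip(10.153.29.235) port(514) max-connections(1000) keep_hostname(yes));
};

# Re-inject on loopback with the sender's hostname in the HOST field.
destination d_loopback_local {
    udp("127.0.0.1" port(5140)
        template("<$PRI>$DATE $HOST $MSGHDR$MSG\n"));
};

# Re-inject on loopback with the sender's IP address in the HOST field.
# The IP has to be written into the message at this hop: after the relay the
# peer address is 127.0.0.1 and the original one is no longer available.
destination d_loopback_tripwire {
    udp("127.0.0.1" port(5141)
        template("<$PRI>$DATE $SOURCEIP $MSGHDR$MSG\n"));
};

log {
    source(s_general);
    destination(d_loopback_local);
    destination(d_loopback_tripwire);
    flags(final);
};

# Hop 2: keep_hostname(yes) stops the HOST field written above from being
# replaced with the loopback address or its resolved name.
source s_loopback_local    { udp(ip(127.0.0.1) port(5140) keep_hostname(yes)); };
source s_loopback_tripwire { udp(ip(127.0.0.1) port(5141) keep_hostname(yes)); };

destination d_local_files {              # hypothetical name and path
    file("/var/log/remote/messages");
};
destination d_tripwire_udp {
    udp("10.153.29.249" port(514));
};

log { source(s_loopback_local);    destination(d_local_files); };
log { source(s_loopback_tripwire); destination(d_tripwire_udp); };
```

The hostname on the local-storage path is whatever the sender put in the message, so it is only as trustworthy as the sender; the Tripwire path carries the address syslog-ng observed on the connection.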