[syslog-ng] How to manage the Syslog-NG messages coming from different sites? Each site has its Syslog-NG clients?

Marcos Tang marcostang2002 at yahoo.com
Wed Aug 3 12:20:18 CEST 2011


Hi,

I have a problem managing the Syslog-NG messages sent from different Syslog-NG clients at different remote sites.

For example, I have 10 sites (site1, site2, site3 to site10) running Syslog-NG clients. Each site has one Syslog-NG server, and all the Syslog messages will be forwarded to the centralized Syslog-NG server and finally inserted into the MySQL database at the headquarters.

Now, I can see all the Syslog messages in the headquarters MySQL database, but it is hard for me to manage them.

For example, if I know the hostname of a particular host, I can query the MySQL database to search for the Syslog related to that host. However, if I want to know the Syslog messages coming from a particular site such as "site1", how can I do that? There is no "site1" information inside the Syslog messages.

I am thinking that if I can modify the Syslog-NG configuration file so that I can add some information such as "site1" and make it part of the Syslog messages, I can query the MySQL database for the "site1" pattern. But I am not sure whether I can do that or not.

If you have any suggestions/ideas, please let me know.
 
Regards,
Marcos