[syslog-ng] Log only one host

Thomas Wollner tw at wollner-net.de
Mon Dec 12 12:05:49 CET 2011


Hello,

to separate the destination logfiles for each host, use the following

# one log file per sending host, named after the $FULLHOST macro
destination d_file_foreach_host {
  file("/var/log/$FULLHOST.log");
};


log {
  source(s_all);
  destination(d_file_foreach_host);
};

hope it helps,
regards,

Tom



Quoting "tokie at tiscali.it" <tokie at tiscali.it>:

>> Try using the netmask filter.
>
>> filter f_host_a_b_c_d {
>>  netmask("a.b.c.d/32");
>>  };
>
> Tks for reply,
> I tried but don't work!
> More specific:
> I wish that all devices in my network, logging into a
> specific file on syslog server.
>
> Now all files log all devices!!
> I have the same result in different
> files (100.log, 101.log, and so on)
>
>
> Must I use iptables's match?? How??
>
> tks
> Tokie
>
> p.s.:
> netmask("a.b.c.d/32") or netmask("a.b.c.d/255.255.255.255") ???
>
> ----Original message----
> From: syslog-ng-request at lists.balabit.hu
> Date: 10/12/2011 12.00
> To: <syslog-ng at lists.balabit.hu>
> Subject: syslog-ng Digest, Vol 80, Issue 15
>
> Message: 1
> Date: Fri, 09 Dec 2011 11:22:24 +0000
> From: Dave Haywood <tla at oak.selfip.net>
> Subject: Re: [syslog-ng] syslog-ng 3.3.3 repeatedly writes same
> 	message to local file when forwarding enabled
> To: Syslog-ng users' and developers' mailing list
> 	<syslog-ng at lists.balabit.hu>
> Cc: Sandor Geller <Sandor.Geller at morganstanley.com>
> Message-ID: <4EE1EF70.1060001 at oak.selfip.net>
> Content-Type: text/plain; charset=ISO-8859-1
>
> On 09/12/2011 09:53, Sandor Geller wrote:
>> Sounds like messages sent to 192.168.0.7 are fed back to syslog-ng
>> so there is a logging loop. Is this address local? When not then there
>> is a chance that the packet filter rule isn't correct.
>
>   Thanks!  You were right, the issue was with the iptables rule.  I
> was trying to capture traffic from localhost to port 514 and
> redirect it to 1514 using NAT table OUTPUT.  I use this for testing
> every facility / severity combination during install.  But I didn't
> specify a destination host (of the local IP address); I only
> specified the port.  This meant any traffic forwarded to a remote
> host is redirected by iptables back to the localhost, causing a loop.
>
>   Thanks for the help :)
>
>>
>> On Fri, Dec 9, 2011 at 10:34 AM, Dave Haywood <tla at oak.selfip.net> wrote:
>>> Hi,
>>>
>>>  I have a problem with syslog-ng 3.3.3.  When I have forwarding
>>> enabled to a remote syslog server (via UDP) syslog-ng repeatedly
>>> writes the same message(s) to the log file and only stops when the
>>> disk is full.  Using tcpdump on the remote server, I don't see any
>>> data arrive from the syslog-ng server so forwarding is not working
>>> either.
>>>
>>>  When I remove the forwarding part of the config file the local
>>> file is written correctly (ie once).  If I remove the local file
>>> part from the config file and only enable the forwarding, I see
>>> syslog-ng take all the CPU time.  I never see any syslog messages
>>> arrive at the remote syslog server.
>>>
>>>  I tried:
>>>        1) disabling IPv6 - no change
>>>        2) running outside the chroot jail - no change
>>>        3) running as userid root - no change
>>>
>>>  Does anyone have any idea what would cause this?  Debug info below.
>>>
>>>  The environment is:
>>>
>>> RedHat AS 4.8 (linux 2.6.9-89.ELsmp) on vmware ESXi 4.1.0
>>>
>>> All required software built and installed in /usr/local/ :
>>>
>>> eventlog_0.2.12.tar.gz
>>> gettext-0.18.1.1.tar.gz
>>> glib-2.29.90.tar.bz2
>>> libdbi-0.8.4.tar.gz
>>> libdbi-drivers-0.8.3.tar.gz
>>> libffi-3.0.9.tar.gz
>>> libnet-0.10.11.tar.gz
>>> pkg-config-0.26.tar.gz
>>> Python-2.7.2.tar.bz2
>>> zlib-1.2.5.tar.bz2
>>> syslog-ng_3.3.3.tar.gz
>>>
>>> syslog-ng is running chroot() in directory /data as user
>
>
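
The per-device routing asked about in the quoted question, written out as a complete syslog-ng configuration. This is an added example, not part of the original messages; the addresses 192.0.2.100 and 192.0.2.101, the source name s_net, the version line and the /var/log/hosts paths are assumptions.

```conf
# Added example, not from the thread. Addresses, names and paths are assumed.
@version: 3.3

options {
    keep_hostname(no);   # set $HOST from the sending peer, not from the message header
    use_dns(no);         # no reverse lookups, so $HOST is the sender's IP address
    create_dirs(yes);    # create /var/log/hosts if it is missing
};

source s_net { udp(ip(0.0.0.0) port(514)); };

# One filter per device: netmask() matches the IP address the message came from.
filter f_host_100 { netmask("192.0.2.100/32"); };
filter f_host_101 { netmask("192.0.2.101/32"); };

destination d_100   { file("/var/log/hosts/100.log"); };
destination d_101   { file("/var/log/hosts/101.log"); };
destination d_other { file("/var/log/hosts/$HOST.log"); };

# Every log path has to name its filter. A log path with no filter()
# receives every message from its source, whatever filters are defined.
# flags(final) stops a matched message from reaching the later log paths.
log { source(s_net); filter(f_host_100); destination(d_100); flags(final); };
log { source(s_net); filter(f_host_101); destination(d_101); flags(final); };

# Messages from any other sender: one file per sender address.
log { source(s_net); destination(d_other); };
```

`syslog-ng --syntax-only -f <file>` checks the configuration without starting the daemon.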


