[syslog-ng] Auto routing to specific relay based on hostname

sagar naravane sagar.naravane at gmail.com
Wed Aug 22 11:41:11 CEST 2012


Gergely,

Here all three log {} get executed. What I am basically looking for is an
"if..else" or "case" sort of condition where only one of the client-relay
communications happens based on the hostname of the client system.

Aug 22 02:33:39 sj1slm227 syslog-ng[1166]: Syslog connection established;
fd='12', server='AF_INET(10.5.81.89:514)', local='AF_INET(0.0.0.0:0)'
*Aug 22 02:36:48 sj1slm227 syslog-ng[1166]: Syslog connection failed;
fd='66', server='AF_INET(10.116.104.86:514)', error='Connection timed out
(110)', time_reopen='60'*
*Aug 22 02:36:48 sj1slm227 syslog-ng[1166]: Syslog connection failed;
fd='65', server='AF_INET(10.129.104.21:514)', error='Connection timed out
(110)', time_reopen='60'*

On Wed, Aug 22, 2012 at 3:01 PM, sagar naravane <sagar.naravane at gmail.com> wrote:

> Shouldn't it be
>
> filter f_colo_sj { host("^sj1*"); };
> filter f_colo_du { host("^du1*"); };
> filter f_colo_da { host("^da1*"); };
>
> Sagar
>
>
> On Wed, Aug 22, 2012 at 2:55 PM, Gergely Nagy <algernon at balabit.hu> wrote:
>
>> sagar naravane <sagar.naravane at gmail.com> writes:
>>
>> > I am a newbie to syslog-ng solution. I am trying to create a common config
>> > file to be distributed across client machines in San Jose, Dallas and
>> > Dublin colos. Every colo has 1 dedicated relay which forwards log data to a
>> > central server
>> >
>> > (SJ|DU|DA)_ client -->  (SJ|DU|DA)_ relay --> SYSLOG-NG server
>> >
>> > the clients located in these colos have sj,du & da in their hostnames eg
>> > da1xxx058, du1xxx059, sj1xxx060. I want to setup the config in a way that
>> > based on hostname the config decides what relay to connect to.
>> >
>> > Is this possible ?
>>
>> Yep, it is.
>>
>> One way to do it is to use filters: you set up a filter that matches
>> each colo, and set up your destinations so that each message that
>> matches a given colo filter, goes to the appropriate relay.
>>
>> Something along these lines:
>>
>> filter f_colo_sj { host("^sj"); };
>> filter f_colo_du { host("^du"); };
>> filter f_colo_da { host("^da"); };
>>
>> destination d_relay_sj { ... };
>> ...
>>
>> log {
>>   source(s_local);
>>   filter(f_colo_sj);
>>   destination(d_relay_sj);
>>   flags(final);
>> };
>>
>> log {
>>   source(s_local);
>>   filter(f_colo_du);
>>   destination(d_relay_du);
>>   flags(final);
>> };
>>
>> ...and so on and so forth. The disadvantage here is that you need a
>> filter and a destination for each relay, but with only 3 relays, that's
>> bearable.
>>
>> --
>> |8]
>>
>>
>
>
> --
> Regards,
>
> Sagar Naravane
>



-- 
Regards,

Sagar Naravane
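
Added example, not part of the original thread or of syslog-ng itself: the log excerpt above shows the client opening connections to every relay named in the config, so one way to get "only one relay per host" is to render the client config at deploy time with a single destination. The relay hostnames, the `@version` line, the `s_local` source definition and the function names are assumptions made for this sketch.

```shell
#!/bin/sh
# Render a syslog-ng client config that contains only the relay for this
# host's colo. Relay names are placeholders (assumption), not from the thread.

# Map a hostname to its colo code using the two-letter prefix followed by a
# digit, as in da1xxx058 / du1xxx059 / sj1xxx060.
colo_for_host() {
    # Lower-case and drop any domain part so SJ1ABC.example.com also works.
    h=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    h=${h%%.*}
    case "$h" in
        sj[0-9]*) echo sj ;;
        du[0-9]*) echo du ;;
        da[0-9]*) echo da ;;
        *) return 1 ;;   # unknown prefix: the caller must not guess a relay
    esac
}

# Placeholder relay addresses (assumption); replace with the real relays.
relay_for_colo() {
    case "$1" in
        sj) echo relay-sj.example.net ;;
        du) echo relay-du.example.net ;;
        da) echo relay-da.example.net ;;
        *) return 1 ;;
    esac
}

# Print a client config with exactly one destination, or fail with no config
# on stdout so a bad hostname never produces a file that forwards nowhere.
render_client_conf() {
    colo=$(colo_for_host "$1") || { echo "no colo for host '$1'" >&2; return 1; }
    relay=$(relay_for_colo "$colo") || return 1
    cat <<EOF
@version: 3.3
source s_local { system(); internal(); };
destination d_relay_${colo} { tcp("${relay}" port(514)); };
log { source(s_local); destination(d_relay_${colo}); };
EOF
}

# Usage: render_client_conf "$(hostname)" > /etc/syslog-ng/syslog-ng.conf
```

Validate the rendered file with `syslog-ng --syntax-only -f <file>` before installing it.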