[syslog-ng] Create a Log file for Each server.

Jim Hendrick jrhendri at roadrunner.com
Wed Dec 10 13:55:32 CET 2014


I assume you are still using these config settings (from your August emails)

options {
flush_lines (0);
time_reopen (10);
log_fifo_size (1000);
long_hostnames (off);
use_dns (no);
use_fqdn (no);
create_dirs (no);
keep_hostname (yes);
};

Please try changing create_dirs()

Also - I suggest you browse / search the excellent documentation at the
balabit site.

We are happy to help, but most of your questions are answered there.

Jim




On 12/10/2014 06:11 AM, Jason Long wrote:
> Hello
> I changed my configuration to:
>
> destination d_separatedbyhosts {
> file( "/var/log/$HOST/$HOST.$FACILITY.$SEVERITY.$YEAR.$MONTH.$DAY" owner("root") group("root") perm(0644)); };
>
> log { source(s_netsyslog); destination(d_separatedbyhosts); };
>
> but when I browse /var/log, I can't see any new file or folder :(. What is the problem?
>
>
> Cheers.
>
>
>
>
>
> On Saturday, December 6, 2014 7:29 PM, Jim Hendrick <jrhendri at roadrunner.com> wrote:
> very simple.
>
> destination d_separatedbyhosts {
>   file( "/var/log/$HOST/$HOST.$FACILITY.$SEVERITY.$YEAR.$MONTH.$DAY" );
> };
>
> (didn't you ask this back in August?)
>
>
>> Hello all.
>> How are you?
>> I have a Windows server with a Syslog agent installed on it, and it forwards all logs to my Linux box. My Syslog-NG collects them very well, but I want to forward other Windows events into my Syslog server. How can I modify my current config file to create another file for this new server? I use Logstash and Kibana on my Linux box. Can it detect my new log file automatically?
>>
>> # syslog-ng configuration file.
>> #
>> # This should behave pretty much like the original syslog on RedHat. But
>> # it could be configured a lot smarter.
>> #
>> # See syslog-ng(8) and syslog-ng.conf(5) for more information.
>> #
>>
>> options {
>> flush_lines (0);
>> time_reopen (10);
>> log_fifo_size (1000);
>> long_hostnames (off);
>> use_dns (no);
>> use_fqdn (no);
>> create_dirs (no);
>> keep_hostname (yes);
>> };
>>
>> source s_netsyslog {
>> udp(ip(0.0.0.0) port(514) flags(no-hostname));
>> tcp(ip(0.0.0.0) port(514) flags(no-hostname));
>> };
>>
>> destination d_netsyslog { file("/var/log/network.log" owner("root") group("root") perm(0644)); };
>>
>> log { source(s_netsyslog); destination(d_netsyslog); };
>>
>>
>> As you see, it collects Syslog from any IP address.
>>
>> Cheers.
>>
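
Added example, not part of the original thread or of the syslog-ng documentation: the configuration quoted above with create_dirs() enabled, so syslog-ng is allowed to create the per-host directories under /var/log. The dir_owner(), dir_group(), dir_perm() values and the 0640 file mode are assumptions chosen for illustration; the thread itself uses perm(0644).

```conf
# Fragment to merge into the existing syslog-ng.conf from this thread
# (added example; ownership and mode values are assumptions).

options {
    flush_lines (0);
    time_reopen (10);
    log_fifo_size (1000);
    long_hostnames (off);
    use_dns (no);
    use_fqdn (no);
    create_dirs (yes);     # was (no): with (no), a missing /var/log/$HOST/
                           # directory is never created, so no file appears
    keep_hostname (yes);
};

source s_netsyslog {
    # flags(no-hostname): the message header is parsed as carrying no
    # hostname, so $HOST is filled from the sender's address. With
    # use_dns(no) that is the sender's IP, which becomes the directory name.
    udp(ip(0.0.0.0) port(514) flags(no-hostname));
    tcp(ip(0.0.0.0) port(514) flags(no-hostname));
};

destination d_separatedbyhosts {
    file("/var/log/$HOST/$HOST.$FACILITY.$SEVERITY.$YEAR.$MONTH.$DAY"
         create_dirs(yes)                          # per-destination setting
         dir_owner("root") dir_group("root")
         dir_perm(0750)                            # assumption: not world-readable
         owner("root") group("root")
         perm(0640));                              # assumption: thread uses 0644
};

log { source(s_netsyslog); destination(d_separatedbyhosts); };
```

Running `syslog-ng --syntax-only` checks that the edited file parses before the daemon is restarted. Whatever account Logstash runs under needs read access to the new directories and files, which the 0750/0640 modes above restrict to root and the root group.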
