[syslog-ng] Individual Logs Files to each Forward to Different server/port?

Jim Hendrick jrhendri at roadrunner.com
Mon Sep 8 17:16:55 CEST 2014



There's actually a ton of ways to do it.

Roughly in the order I would try them:

1) If the different logs you want to separate use different priorities, 
facilities, programs - you can directly reference those in filters.

2) If you need to (or choose to) modify the logs yourself - you can use 
program_override() to write a different string in that section of the 
syslog message, then filter on that on the receiving end. NOTE: This 
option replaces the deprecated log_prefix() option.

3) You can also use match(regexp value("MACRO")) where MACRO is MSG 
or MSGHDR in the filter to filter messages based on a regex to match text.

Jim


On 09/08/2014 09:46 AM, wiskbroom at hotmail.com wrote:
> I had thought about that, but how do I differentiate the individual 
> logs on the receiving end?
> Doing so would certainly remove the need for me to listen on two 
> ports, and split output to two ports.
>
> Thank you,
>
> .vp
>
> Vadim Anatoly Pushkin -- The Ukranian Stallion --
>
> ------------------------------------------------------------------------
> Date: Fri, 5 Sep 2014 23:24:25 -0400
> From: jrhendri at roadrunner.com
> To: syslog-ng at lists.balabit.hu
> Subject: Re: [syslog-ng] Individual Logs Files to each Forward to 
> Different server/port?
>
> Quick thought.  Look at filters on the receiving end.  Might be easier.
> Jim
>
>
>
> -------- Original message --------
> From: wiskbroom at hotmail.com
> Date:09/05/2014 5:42 PM (GMT-05:00)
> To: syslog-ng at lists.balabit.hu
> Cc:
> Subject: [syslog-ng] Individual Logs Files to each Forward to 
> Different server/port?
>
> Greetings!
>
> Is it possible to configure a syslog-ng client to forward logs to a 
> syslog-ng server based on file?
>
> I am thinking of the following as an example:
>
> destination named-LOGS {
> udp(ip(192.168.1.100) port(555));
> };
> source named {
> file("/var/log/named/bind.log" log_prefix("BIND-LOGS"));
> };
> log {
> source(named);
> destination(named-LOGS);
> };
>
>
> destination dhcpd-LOGS {
> udp(ip(192.168.1.100) port(556));
> };
> source dhcpd {
> file("/var/log/dhcpd/dhcp.log" log_prefix("DHCPD-LOGS"));
> };
> log {
> source(dhcpd);
> destination(dhcpd-LOGS);
> };
>
>
> In this example, I am sending each to the same destination IP address, 
> although that is configurable, but each log file to a different port, 
> and with a different log_prefix as well.
>
>
> Does this look OK, or is there a simpler way?
>
>
> Many thanks,
>
>
> .vp
>
>   Vadim Anatoly Pushkin
> -- The Ukranian Stallion --
>
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
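
Added example, not part of the original thread or of anyone's posted configuration: a sketch of the approach from the reply at the top, tagging each file with program_override() on the sender and splitting on that tag with filters on the receiver. The IP address, port and source file paths are taken from the question; the object names (s_named, d_central, f_bind, ...) and the /var/log/remote/ paths are assumptions, and both parts are fragments to merge into an existing syslog-ng.conf.

```conf
# --- Sender: fragment for the client's syslog-ng.conf ---
# Tag each file with program_override() and send both over a single UDP port.
source s_named { file("/var/log/named/bind.log" program_override("BIND-LOGS")); };
source s_dhcpd { file("/var/log/dhcpd/dhcp.log" program_override("DHCPD-LOGS")); };

destination d_central { udp("192.168.1.100" port(555)); };

log { source(s_named); source(s_dhcpd); destination(d_central); };

# --- Receiver: fragment for the server's syslog-ng.conf ---
source s_net { udp(ip("0.0.0.0") port(555)); };

# Options 1 and 2 from the reply: match the program field.
# The field is whatever the sender wrote and UDP does not authenticate it,
# so it is a routing label, not proof of where a message came from.
filter f_bind  { program("^BIND-LOGS$"); };
filter f_dhcpd { program("^DHCPD-LOGS$"); };

# Option 3 from the reply: match a regex against the message text instead.
# Alternative only, not referenced by the log paths below; "named" is a
# constructed sample pattern. MESSAGE is the message-body name-value pair.
filter f_bind_text { match("named" value("MESSAGE")); };

# Hypothetical output paths.
destination d_bind      { file("/var/log/remote/bind.log"); };
destination d_dhcpd     { file("/var/log/remote/dhcpd.log"); };
destination d_unmatched { file("/var/log/remote/unmatched.log"); };

log { source(s_net); filter(f_bind);  destination(d_bind); };
log { source(s_net); filter(f_dhcpd); destination(d_dhcpd); };

# Anything arriving on the port that matched neither filter is kept,
# so unexpected or mislabelled senders stay visible instead of being dropped.
log { source(s_net); destination(d_unmatched); flags(fallback); };
```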
