[syslog-ng] Regex Solaris from Linux hosts in Syslog-ng config file

Scheidler, Balázs balazs.scheidler at balabit.com
Sun Nov 1 21:05:35 CET 2015


Can you pls file an issue? Thanks.
On Nov 1, 2015 9:05 PM, "Scheidler, Balázs" <balazs.scheidler at balabit.com>
wrote:

> Yup, I like this idea. We should really make this available as a macro, and
> send it via structured data. RFC5424 even has a field for this.
> On Oct 29, 2015 9:06 PM, "Fekete, Róbert" <robert.fekete at balabit.com>
> wrote:
>
>> Hi,
>>
>> Having the operating system available as a macro came up earlier this
>> week in a thread on serverfault, so it might make a useful feature.
>>
>> Regards,
>>
>> Robert
>>
>> On Thu, Oct 29, 2015 at 8:25 PM, Evan Rempel <erempel at uvic.ca> wrote:
>>
>>> You could use a second interface on the syslog servers and configure the
>>> solaris servers to use this alternate IP address.
>>> You could also use a different port.
>>> Then you could tag the source with "solaris" and then use the tag
>>> filtering to separate those messages out of the mix.
>>>
>>> Just my $0.02
>>>
>>>
>>> On 10/29/2015 12:22 PM, vijay amruth wrote:
>>>
>>> Thank you for the reply, Balazs.
>>>
>>> Can we use filter functions like this below?
>>>
>>> filter f_solaris {
>>>         host('uname == solaris') }
>>>
>>> My idea is to identify solaris servers.
>>>
>>> Thanks all,
>>> ~Vj
>>>
>>> On Thu, Oct 29, 2015 at 12:59 AM, Balazs Scheidler <bazsi77 at gmail.com> wrote:
>>>
>>>> Well, probably the only sensible way is to filter based on IP addresses.
>>>> On Oct 29, 2015 6:09 AM, "vijay amruth" <vijayamruth at gmail.com> wrote:
>>>>
>>>>> Hello All,
>>>>>
>>>>> We are drawing logs from several hosts, which include solaris (10, 11) and
>>>>> linux (centos, ubuntu, rhel), into syslog servers. I want to be able to
>>>>> separate solaris logs. Is there any pattern we can match for solaris logs
>>>>> that you may know?
>>>>>
>>>>> Thanks,
>>>>> Vijay Amrut.
>>>>>
>>>>>
>>>>> ______________________________________________________________________________
>>>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>>>> Documentation:
>>>>> http://www.balabit.com/support/documentation/?product=syslog-ng
>>>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>> --
>>> Thanks,
>>> Vijay Amrut.
>>>
>>>
>>>
>>>
>>>
>>
>>
>>
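The two approaches suggested in this thread (a dedicated, tagged source for the Solaris hosts, and filtering on sender IP addresses), sketched as a syslog-ng configuration fragment. This is an added example, not part of the original messages; port 5514, the 192.0.2.0/24 range, and all object names and file paths are placeholder assumptions.

```conf
# Added example: fragment for an existing syslog-ng.conf on the log server.
# Port 5514, 192.0.2.0/24, object names and paths are placeholders.

# Default listener, used by the Linux hosts.
source s_net {
    network(transport("udp") port(514));
};

# Approach 1: dedicated listener for the Solaris hosts. Every message
# received on this source is tagged "solaris".
source s_net_solaris {
    network(transport("udp") port(5514) tags("solaris"));
};

# Matches messages carrying the tag set by s_net_solaris.
filter f_solaris_tag { tags("solaris"); };

# Approach 2: no change on the senders. netmask() matches the address
# the message was received from, not the hostname inside the message.
filter f_solaris_ip { netmask("192.0.2.0/24"); };

# Either signal classifies the message as coming from Solaris.
filter f_solaris { filter(f_solaris_tag) or filter(f_solaris_ip); };

# Fixed file names: no message-supplied field ends up in a path.
destination d_solaris { file("/var/log/remote/solaris.log"); };
destination d_linux   { file("/var/log/remote/linux.log"); };

# Solaris messages stop here because of flags(final).
log {
    source(s_net); source(s_net_solaris);
    filter(f_solaris);
    destination(d_solaris);
    flags(final);
};

# Everything that was not matched above.
log {
    source(s_net); source(s_net_solaris);
    destination(d_linux);
};
```

Neither the listening port nor a UDP source address authenticates the sender, so treat the resulting split as a sorting aid rather than proof of where a message came from.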