[syslog-ng] syslog-ng Digest, Vol 135, Issue 14
Hollósi Botond
bhollosi at opennet.hu
Mon Aug 1 16:57:55 CEST 2016
Hi Balázs,
Thank you.
The '$SOURCEIP' is what I need, combined with 'flags(no-parse)'.
With this I can separate the messages by the source address contained in
the ip packet header.
Config example:
# Receive raw UDP datagrams; no-parse disables syslog header parsing
source s_net_0 {
    network( ip(0.0.0.0) port(600) transport(udp) flags(no-parse) );
};
# One directory per datagram source address ($SOURCEIP)
destination d_file_0 {
    file("/var/log/remote_log/$R_MONTH/$R_DAY/$SOURCEIP/100/$user.log"
         owner(root) group(root) create-dirs(yes) perm(0700) dir-perm(0700));
};
log { source(s_net_0); destination(d_file_0); };
--
Regards,
Hollósi Botond
Opennetworks Kft.
Tel.: 06-1-9996000
Mobile: 06-20-4362032
On 2016-07-31 12:00, syslog-ng-request at lists.balabit.hu wrote:
> Message: 1
> Date: Sat, 30 Jul 2016 20:02:00 +0200
> From: Scheidler, Balázs <balazs.scheidler at balabit.com>
> Subject: Re: [syslog-ng] Central netlog server for hosts behind NAT
> To: "Syslog-ng users' and developers' mailing list"
> <syslog-ng at lists.balabit.hu>
>
> I am not sure I understand your use case, and question. $HOST is populated
> based on the host field within the message and senders are free to set that
> to whatever they please.
>
> If that field is missing (which it might), syslog-ng fills that based on
> the sender IP address.
>
> There are alternative macros (such as $SOURCEIP), which is the actual IP of
> the datagram received by syslog-ng. But you can also play with $HOST
> related syslog-ng options such as keep-hostname().
>
> Could you try to rephrase your question?
> Thanks
> Bazsi
>
>
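Added example, not part of the original thread and not syslog-ng code: a Python illustration of the distinction discussed above, where the host field inside the message is sender-controlled while the datagram's source address comes from the socket. The function names (claimed_host, dest_dir, route) and the sample datagrams are constructed for this example; the base directory is the one from the config above.

```python
import ipaddress
import re
from pathlib import PurePosixPath

# RFC 3164 style header: <PRI>Mmm dd hh:mm:ss HOST TAG: msg
_RFC3164 = re.compile(r"^<\d{1,3}>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} (\S+) ")

BASE = PurePosixPath("/var/log/remote_log")  # base directory from the post


def claimed_host(payload: bytes):
    """Host field as written by the sender (the field $HOST is parsed from)."""
    m = _RFC3164.match(payload.decode("utf-8", "replace"))
    return m.group(1) if m else None


def dest_dir(peer_ip: str, month: str, day: str) -> PurePosixPath:
    """Directory keyed on the datagram's source address (the $SOURCEIP idea)."""
    ip = ipaddress.ip_address(peer_ip)  # raises ValueError for a non-address
    return BASE / month / day / str(ip)


def route(datagrams, month="08", day="01"):
    """Return (directory, claimed host) for each (payload, (ip, port)) pair."""
    return [(str(dest_dir(peer[0], month, day)), claimed_host(payload))
            for payload, peer in datagrams]


# Constructed sample input: what recvfrom() would return for three datagrams.
SAMPLE = [
    (b"<134>Aug  1 16:57:55 fw01 pppd[812]: session up", ("192.0.2.10", 40112)),
    (b"<134>Aug  1 16:57:56 db01 pppd[812]: session up", ("192.0.2.10", 40112)),
    (b"no header at all", ("198.51.100.7", 51400)),
]

if __name__ == "__main__":
    for directory, host in route(SAMPLE):
        print(f"{directory}  (sender claims host={host!r})")
```

The first two sample datagrams claim different hosts but come from the same address, so they map to the same directory; the third has no host field at all and is still routed by its source address.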