[syslog-ng] Possible elementary question
Varugis Kurien
vkurien at midfinsystems.com
Thu Nov 10 01:13:07 UTC 2016
I'm having some conniptions doing central logging using syslog-ng. Here is the scenario:
1. I generate logs using syslog-ng on local servers and then send them to a log-destination server. Here is an example of some of the conf files on the generating server:
more iptables.log.conf
source s_var_log_iptables.log { file("/var/log/iptables.log" program-override(var_log_iptables.log) flags(no-parse)); };
log { source(s_var_log_iptables.log); destination(d_midfin_logger_2); };
more midfin_logger_2.conf
template t_sdx_tagged {
template("$ISODATE $HOST $PROGRAM $MSG
");
template_escape(no);
};
destination d_midfin_logger_2 { tcp( "10.4.16.161" port(514) template(t_sdx_tagged)); };
What I am trying to do on the log host is to:
1. Segregate at the top level by host. For each such host:
* Split the logs into different directories so that for example, I'll have one directory for the audit log from that host, another for iptables etc - so that under each host I'll have /var/log/iptables.log etc.
I've been unable to grok the documentation to figure out quite how to do this and would really appreciate some help.
thanks
vk
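One way to do this split on the log host, given as an added example that is not part of the original message or of the syslog-ng project: it splits each received line back into the four fields of the sender's `t_sdx_tagged` template and uses the host and program fields as path components, after checking that they are safe to use in a path. The object names, the `SDX.*` column names and the `/var/log/hosts` base directory are assumptions; the listener is TCP port 514 because that is where the sender's destination points.

```conf
# Receiver-side fragment for syslog-ng.conf on the log host (added example).
# All object names, the SDX.* columns and /var/log/hosts are assumptions.

# Take each line as-is: the sender's template is not a standard syslog frame,
# so keep the whole line in ${MSG} and split it ourselves.
source s_net_sdx {
    tcp(ip(0.0.0.0) port(514) flags(no-parse));
};

# Sender template: "$ISODATE $HOST $PROGRAM $MSG"
# greedy: the last column takes the rest of the line, spaces included.
parser p_sdx {
    csv-parser(
        columns("SDX.DATE", "SDX.HOST", "SDX.PROGRAM", "SDX.MSG")
        delimiters(" ")
        flags(escape-none, greedy)
    );
};

# The host and program fields arrive over the network and end up in a file
# path, so accept only plain names: no "/", and no leading "." (blocks "..").
filter f_sdx_safe_names {
    match("^[A-Za-z0-9][A-Za-z0-9._-]*$" value("SDX.HOST"))
    and match("^[A-Za-z0-9][A-Za-z0-9._-]*$" value("SDX.PROGRAM"));
};

# One directory per host, one sub-directory per program name,
# e.g. /var/log/hosts/<host>/var_log_iptables.log/messages.log
destination d_per_host_program {
    file("/var/log/hosts/${SDX.HOST}/${SDX.PROGRAM}/messages.log"
         create-dirs(yes)
         template("${MSG}\n"));
};

# Lines that fail the parser or the name check land here instead of
# being dropped or written to an attacker-chosen path.
destination d_unsorted {
    file("/var/log/hosts/_unsorted.log" template("${MSG}\n"));
};

log { source(s_net_sdx); parser(p_sdx); filter(f_sdx_safe_names);
      destination(d_per_host_program); };
log { source(s_net_sdx); destination(d_unsorted); flags(fallback); };
```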