[syslog-ng] Possible elementary question

Fekete, Róbert robert.fekete at balabit.com
Thu Nov 10 08:18:03 UTC 2016


Hi,

The configs in your mail refer to your local servers, and you want to
segregate the logs on your central logserver into separate files.
For that, you have to use a file destination on the logserver that uses
macros in its filename, something like:

destination d_file {
        file("/var/log/${HOST}/${PROGRAM}.log");
};

(Though I'd recommend using some DATE macros as well)

For details, see
https://www.balabit.com/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/configuring-destinations-file.html

HTH,

Robert

On Thu, Nov 10, 2016 at 2:13 AM, Varugis Kurien <vkurien at midfinsystems.com>
wrote:

> I'm having some conniptions doing central logging using syslog-ng. Here is
> the scenario:
>
>    1. I generate logs using syslog-ng on local servers and then send them
>    to a log-destination server. Here is an example of some of the conf files
>    on the generating server:
>
> more iptables.log.conf
>
> source s_var_log_iptables.log {
>     file("/var/log/iptables.log"
>          program-override(var_log_iptables.log) flags(no-parse));
> };
> log {
>     source(s_var_log_iptables.log); destination(d_midfin_logger_2);
> };
>
> more midfin_logger_2.conf
>
> template t_sdx_tagged {
>     template("$ISODATE $HOST $PROGRAM $MSG ");
>     template_escape(no);
> };
> destination d_midfin_logger_2 {
>     tcp("10.4.16.161" port(514) template(t_sdx_tagged));
> };
>
> What I am trying to do on the log host is to:
>
>
>    1. Segregate at the top level by host. For each such host:
>       1. Split the logs into different directories so that for example,
>       I'll have one directory for the audit log from that host, another for
>       iptables etc - so that under each host I'll have /var/log/iptables.log etc.
>
> I've been unable to grok the documentation to figure out quite how to do
> this and would really appreciate some help.
>
> thanks
> vk
> ==
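
Added example, not part of the original thread and not either poster's configuration: a server-side setup built around the macro-based file destination from the reply above, with date macros in the file name. It assumes syslog-ng OSE 3.8, a /var/log/remote base directory, and that the server's parser extracts PROGRAM from what the clients send; the source, filter and destination names are illustrative.

```conf
# Added example for the central log server. The @version value and the
# /var/log/remote base directory are assumptions; adjust to your install.
@version: 3.8

options {
    keep-hostname(no);   # HOST is set from the sender's address, not from message content
    use-dns(no);         # per-host directories are named by IP, no DNS lookup involved
    create-dirs(yes);    # create /var/log/remote/<host>/ when the first message arrives
    dir-perm(0750);
    perm(0640);
};

source s_remote {
    network(ip("0.0.0.0") transport("tcp") port(514) max-connections(100));
};

# PROGRAM is taken from message content and ends up in a file name, so only
# accept values made of characters that are safe in one path component.
# An empty PROGRAM does not match either.
filter f_safe_program { program("^[A-Za-z0-9_.-]+$"); };

# R_ macros use the time the server received the message, so a client with a
# wrong clock cannot scatter its logs across arbitrary dates.
destination d_per_host {
    file("/var/log/remote/${HOST}/${PROGRAM}.${R_YEAR}-${R_MONTH}-${R_DAY}.log");
};

# Messages that fail the filter go to one fixed file per host, which bounds
# the number of files a single sender can cause the server to create.
destination d_per_host_other {
    file("/var/log/remote/${HOST}/other.${R_YEAR}-${R_MONTH}-${R_DAY}.log");
};

log {
    source(s_remote); filter(f_safe_program);
    destination(d_per_host); flags(final);
};
log { source(s_remote); destination(d_per_host_other); };
```

Running syslog-ng with --syntax-only against the file checks that it parses before the service is restarted.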