[syslog-ng] One source multiple destinations ?

Scot scotrn at gmail.com
Sat Jan 20 15:28:20 UTC 2018 

Thanks Jim,
I have 4 configs
sources.conf
destinations.conf
filters.conf
log.conf

Can't post them without revealing sensitive network info but wanted to make
sure I wasn't assuming something should just work.
I'll post more after I dig into it but seems to favor the first matching
log destination when I switch the order and reload with syslog-ng-ctl.

log { source(s_net_tcp); filter(f_pci); destination (d_splunk_PCI);};
log { source(s_net_tcp); filter(f_pci); destination (d_sumo_PCI);};
log { source(s_net_tcp); filter(f_pci); destination (d_secureworks);};



On Fri, Jan 19, 2018 at 6:41 PM, james.r.hendrick <
james.r.hendrick at gmail.com> wrote:

> It should work. Would you share the config?
> Jim
>
>
>
> Sent from my Verizon, Samsung Galaxy smartphone
>
> -------- Original message --------
> From: Scot <scotrn at gmail.com>
> Date: 1/19/18 4:23 PM (GMT-05:00)
> To: Syslog-ng users' and developers' mailing list <
> syslog-ng at lists.balabit.hu>
> Subject: [syslog-ng] One source multiple destinations ?
>
> I'm having a problem where I am trying to take  input source(s) and write
> them out to multiple destinations.
>
> Before I go barking up the wrong tree I just wanted to make sure I wasn't
> missing something.
>
> We should be able to take a source and send it to file, elastic-search and
> SPLUNK and sumologic all at the same time right ?
>
> Troubleshooting an odd behavior where only one network destination will
> work but then I switch the order the other starts working.
>
> I know it's vague but has anyone seen this behavior?
>
> Thanks
> Scot
>
> ____________________________________________________________
> __________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?
> product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20180120/1abad466/attachment.html>

More information about the syslog-ng mailing list