[syslog-ng] Forcing remote syslog request from 1 IP into 1 log file

freebsd at tango.lu freebsd at tango.lu
Fri Jul 27 09:55:42 UTC 2018


Hello,

I have a syslog server setup which works quite well for most of the 
hosts:

destination d_net_debug {
file("/var/log/$HOST/debug"); };

destination d_net_error {
file("/var/log/$HOST/error"); };

This way I dont have to define every host which logs there but they will 
be autocreated.

I have a quite misbehaving Asus router device however which keep sending 
strings like:

FTP
WAN(11)
WAN(8)
WAN(3)

as host therefore syslog-ng interpret these messages like it would be 
coming from different $HOSTs and keep creating directories for them.

2018-07-22T20:45:59+02:00 WAN Connection: Wan link down.
2018-07-24T16:12:20+02:00 WAN Connection: Wan link down.
2018-07-22T20:45:59+02:00 WAN Connection: Wan link down.
2018-07-24T16:12:20+02:00 WAN Connection: Wan link down.


How do I force all the logs into one logfile for this one specific host?
If possible I don't want to change my current rules just extend them.

Thank you.



More information about the syslog-ng mailing list