[syslog-ng] Forcing remote syslog request from 1 IP into 1 log file

Fabien Wernli wernli at in2p3.fr
Fri Jul 27 11:03:27 UTC 2018


Hi,

On Fri, Jul 27, 2018 at 11:55:42AM +0200, freebsd at tango.lu wrote:
> How do I force all the logs into one logfile for this one specific host?
> If possible I don't want to change my current rules just extend them.

You could use the SOURCEIP macro or the netmask filter.
There are multiple ways to achieve what you ask, many depending on the
syslog-ng version you use and on your config. The most compatible way to do
it is probably using a separate log path:

    log {
      source(s_syslog);
      filter {
        netmask(10.0.0.1/32)
      };
      destination(d_net_some_host);
      flags(final);
    };

Notice the "final" flag which makes sure the message won't make it to other
log paths.
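Added example, not part of the original message and not the poster's own configuration: the dedicated log path from the reply placed in a complete config, ahead of a stand-in for the existing rules, so the ordering that "final" depends on is visible. The `@version` value, the definitions of `s_syslog` and `d_net_some_host`, the file paths and the `d_existing` destination are assumptions; only the names `s_syslog`, `d_net_some_host` and the address 10.0.0.1 come from the message.

```conf
@version: 3.16    # assumed; set this to the installed syslog-ng version

# Assumed definition: the message names s_syslog but does not show it.
source s_syslog {
    network(ip("0.0.0.0") port(514) transport("udp"));
    network(ip("0.0.0.0") port(514) transport("tcp"));
};

# Assumed definition: one fixed file for the one host (path is hypothetical).
destination d_net_some_host {
    file("/var/log/remote/some_host.log" create-dirs(yes));
};

# Hypothetical stand-in for the rules already present in the config.
# ${SOURCEIP} is the macro the message mentions; it expands to the sender's IP.
destination d_existing {
    file("/var/log/remote/${SOURCEIP}.log" create-dirs(yes));
};

# Dedicated path for the single host. Log paths are evaluated in the order
# they appear, so this one has to come before the existing paths: flags(final)
# only stops a matching message from reaching the log paths that follow it.
# netmask() matches the address the message was received from, so a message
# forwarded by a relay is matched against the relay's IP, not the origin's.
log {
    source(s_syslog);
    filter { netmask(10.0.0.1/32); };
    destination(d_net_some_host);
    flags(final);
};

# Existing path, unchanged. It no longer sees messages from 10.0.0.1.
log {
    source(s_syslog);
    destination(d_existing);
};
```

Running `syslog-ng --syntax-only -f <file>` checks the file before reloading the daemon.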


