With a server assigned two interfaces, .234 and .235, how can I create a filter separating the incoming messages?

This configuration only outputs to one folder.

---- list interfaces ----

eth0:234 - 10.10.10.234
eth0:235 - 10.10.10.235

---- syslog-ng.conf ----

source s_net_234 {
    syslog(ip(10.10.10.234) port(514) max-connections(300) transport("udp"));
    };

source s_net_235 {
    syslog(ip(10.10.10.235) port(514) max-connections(300) transport("udp"));
    };

destination d_switches_hosts.235     {
  file("/var/log/HOSTS/switches.235/$HOST_FROM/$YEAR$MONTH$DAY.log"); };

destination d_switches_hosts.234     {
  file("/var/log/HOSTS/switches.234/$HOST_FROM/$YEAR$MONTH$DAY.log"); };


filter f_switches234   { (source(s_net_234)) };
filter f_switches235   { (source(s_net_235)) };


log { source(s_net_234);
      destination(d_switches_hosts.234);
      flags(final);
     };

log { source(s_net_235);
      destination(d_switches_hosts.235);
      flags(final);
     };
Aaron Copley
netsirk
  • Filter them how? – mdpc Feb 27 '12 at 17:11
  • I hope you don't mind; I improved the formatting a bit to make it easier to read your config. Please consider taking a moment to catch up on the supported markdown here: http://serverfault.com/editing-help. Welcome to SF. – Aaron Copley Feb 27 '12 at 17:18
  • If I am reading your question correctly, the receiving syslog host has the two IP addresses. However, your configuration is written for these two IPs to be the source of the logs, not the destination addresses. Is that correct? – Aaron Copley Feb 27 '12 at 18:47

0 Answers