Filtering Syslog-NG

To: debian-user@lists.debian.org
Subject: Filtering Syslog-NG
From: Nathan <debian@ucwv.edu>
Date: Wed, 05 Sep 2007 11:06:56 -0400
Message-id: <[🔎] 46DEC610.7030208@ucwv.edu>

I've got several hosts all dumping their syslog logs to a dedicated boxrunning syslog-ng. As it stands I used the following line in thesyslog-ng.conf file to create seperate files and directories for thedifferent boxes.

destination d_ALL {file("/var/log/$R_YEAR/$R_MONTH/$HOST/$R_YEAR-$R_MONTH-$R_DAY"); };

I need to filter out the logs from one host and have it go to adifferent destination.


I setup the following destination:

destination d_CUDA {file("/var/log/CUDA/$R_YEAR/$R_MONTH/$R_YEAR-$R_MONTH-$R_DAY"); };



and I setup the following filter:

filter f_cuda      { host(x.x.x.x); };



and the folling "log" rule:

log { source(s_ACS); filter(f_cuda);    destination(d_CUDA); };

However it isn't working. The new directory isn't being created and thelogs are still going to the old destination. I think the problem iswith my filter. Does using a 'host' filter block messages or allow them?

What do I need to do filter out the logs from that host from going tothe "d_ALL" destination and force it to go to "d_CUDA" instead? Thanks.


Nathan

Reply to:

Follow-Ups:
- Re: Filtering Syslog-NG
  - From: Allan Wind <allan_wind@lifeintegrity.com>

Prev by Date: Re: package system broken by aptitude removing cupsys -- correction
Next by Date: Re: crontab -e
Previous by thread: Remote SNMP respo
Next by thread: Re: Filtering Syslog-NG
Index(es):
- Date
- Thread