So. I have a syslog-ng infrastructure setup where I have several networks that are non-routable to each other. To facilitate central logging, I have a collection syslog-ng box on each non-routable segment that receives log data from the hosts there and has a leg on the core segment that it then forwards the logs onto the central log host.

The forwarder and the central host are both using syslog-ng.

My goal is to get each host logged to its own /var/log/$HOST/messages directory whether it was forwarded or not. This was working earlier with chain_hostnames on but I would prefer, if possible, to rid myself of the host/forwarder format as the IP addresses are what I'm more interested in viewing/using.

Any comments or page slaps are appreciated.

The forwarders are configured like so:

options {
    keep_hostname(yes);
    chain_hostnames(no);
    sync(0);
    stats(43200);
};

# Listen for inbound syslog on non-routable segment interface
source nrseg { udp(ip(x.x.x.x) port(514)); };

# Keep a local copy
destination messages { file("/var/log/messages"); };

# Forward to central logging host
destination logserv { tcp("y.y.y.y" port(514)); };

log { source(src); source(nrseg); destination(messages); destination(logserv); };

And the central log host is configured thusly:

options {
    long_hostnames(off);
    sync(0);
    use_dns(no);
    create_dirs(yes);
    chain_hostnames(no);
};

source src { tcp(ip(y.y.y.y)); };

destination messages { file("/var/log/$HOST/messages"); };

log { source(src); destination(messages); };

Thanks,
--Robert
_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2.1.3 : Thu Apr 20 2006 - 11:20:36 PDT