I've got several hosts all dumping their syslog logs to a dedicated box
running syslog-ng. As it stands I used the following line in the
syslog-ng.conf file to create separate files and directories for the
different boxes.

destination d_ALL {
file("/var/log/$R_YEAR/$R_MONTH/$HOST/$R_YEAR-$R_MONTH-$R_DAY"); };

I need to filter out the logs from one host and have it go to a
different destination.

I set up the following destination:

destination d_CUDA {
file("/var/log/CUDA/$R_YEAR/$R_MONTH/$R_YEAR-$R_MONTH-$R_DAY"); };

and I set up the following filter:

filter f_cuda { host(x.x.x.x); };

and the following "log" rule:

log { source(s_ACS); filter(f_cuda); destination(d_CUDA); };

However it isn't working. The new directory isn't being created and the
logs are still going to the old destination. I think the problem is
with my filter. Does using a 'host' filter block messages or allow them?
What do I need to do to filter out the logs from that host from going to
the "d_ALL" destination and force it to go to "d_CUDA" instead? Thanks.

Nathan