On Wed, Mar 08, 2023 at 03:39:07PM +0100, Noth wrote: | On 07/03/2023 06:35, All wrote: | | > Hi all, | > | > I have a server that acts as a syslog aggregator | > for several other servers. I was trying to see whether | > clients can be specified on one line but I can't see anything | > regarding syntax for such cases in man pages. | > | > Do we need to specify each client on the separate line? | > Like: | > | Hi, yes you do. | > I tried several kinds of semicolon, comma and plus syntax | > but have not being able to make it work. | > I can only see the very first host (eg. server1) in the log, not others. | | From the man page for syslog.conf: | | # Log everything coming from host bastion to a separate file. | ++bastion | *.* /var/log/bastion | +*
If you look closely at the manpage[1], it says: > Blocks starting with +host or ++host or +* work the same way as their > prog counterparts, but they match on the hostname instead of the program > name. And for the 'prog counterparts' there's this bit: > Each block of lines is separated from the previous block by a tag. The > tag is a line beginning with !prog and each block will be associated with > calls to syslog from that specific program (matched using glob(7) rules). Note the '(matched using glob(7) rules)' bit. I have this in my /etc/syslog.conf: --- syslog.conf snippet ---------------------------------------------- # - send logs from ubiquiti wifi access points to their own logfiles ++ubiquiti-*.alm.weirdnet.nl *.* /var/log/ubi +* ---------------------------------------------------------------------- Which sends the logs from ubiquiti-1, ubiquiti-2, ubiquiti-3 and so on and so forth to /var/log/ubi. So, no, you do NOT need to specify each client on a separate line, but you may have to do so if you can't glob(7) the systems together. Cheers, Paul 'WEiRD' de Weerd [1]: https://man.openbsd.org/syslog.conf.5 -- >++++++++[<++++++++++>-]<+++++++.>+++[<------>-]<.>+++[<+ +++++++++++>-]<.>++[<------------>-]<+.--------------.[-] http://www.weirdnet.nl/
