Date: Thu, 26 Feb 2009 09:27:50 -0600 From: Jeffrey Goldberg <jeffrey@goldmark.org> To: Paul Halliday <paul.halliday@gmail.com> Cc: questions@freebsd.org Subject: Re: Can stock syslog do hostA -> fileA? Message-ID: <914629F3-8411-4B69-A5C5-B55055E29E7E@goldmark.org> In-Reply-To: <2dab70a30902260619j67d56555g3de8dfd4a60a1abe@mail.gmail.com> References: <2dab70a30902260619j67d56555g3de8dfd4a60a1abe@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Feb 26, 2009, at 8:19 AM, Paul Halliday wrote:
> I am collecting syslogs from a PIX and a couple of Barracudas. It
> would be a lot easier for each to have their own logfile. I have been
> poking around a bit; I saw this one:
>
> +host1 /var/log/host1
>
> but it doesn't appear to work.
Years ago I tried and failed at the same. Since then, I've moved to
syslog-ng which I've been extremely happy with.
Here is the bit in my syslog-ng.conf file for logging things from
remote hosts
# for stuff from remote hosts:
destination hosts {
file("/var/log/HOSTS/$HOST/$YEAR/$MONTH/$DAY/$FACILITY-$YEAR$MONTH
$DAY"
owner(daemon) group(wheel) dir_owner(daemon) dir_group(wheel)
perm(0640) dir_perm(0750) create_dirs(yes));
};
log {
source(s_udp);
destination(hosts);
};
Cheers,
-j
--
Jeffrey Goldberg http://www.goldmark.org/jeff/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?914629F3-8411-4B69-A5C5-B55055E29E7E>