Hi All

I'm looking for a way to be able to log messages generated by a network host onto my CentOS 5.2 box into an individual file.

Now setting up syslog (I'm using the default sysklogd for CentOS) is the easy part; I've ensured that the following line is present in my /etc/sysconfig/syslog file:

This works a treat... the only issue is that the network host creates the following types of messages (i.e. Facilities and Priorities):

... the problem that I have is that these get put into the same file as anything else using these matching facilities (local7 being a good example as this logs by default to /var/log/boot.log). What I'd like to do is be able to filter the incoming messages by IP address as well. So for example, I'd like to say "if the syslog message is coming from 192.168.1.11 and has local7.warn as the facility & priority log it to /var/log/192.168.1.11.log"

I've done a lot of looking around but have had no joy... can anyone tell me to RTFM in the right direction?

Thanks for reading! Simp.

*cough* syslog-ng *cough*

The rpm will function exactly the same as the standard syslogd and klogd configs with centos, and then it's really quite nice to add extra config to do what you want, in a much nicer way that syslogd.conf allows.

Cool! Thanks all... I'll check it out and let you know how I get on.

Hi Guys

Many thanks for the pointer - this is exactly what I was after!

Simp.

syslog-ng is pretty great. Many people don't like the alternative syntax on principle, when there are other syslogd replacements like rsyslog which keep the same basic syntax. But ng is great and very flexible without being necessarily complicated.

Hi Chris

Thanks for that - do you have any recommendation on documentation for the free version, there seem to be two available.

Don't worry if you don't just thought I'd ask the question

OL

http://www.campin.net/syslog-ng/faq.html this is a great page, lots of clever hangups dealt with there.