Originally Posted by linosaurusroot
Can you describe better what you are trying to do? If you want different kinds of log messages in different files create more selective rules on your central syslog machine. *.* or *.debug is the least selective thing possible.
Show a few lines of each type if you can.
I have a server that I want to use as a syslog server for a number of Cisco devices. I can get it running and accumulate the syslog data but I would like each device to log to its own file. The object here is to be able to go directly to a specific file in the logging directory and see all of the messages for that device. I have made something I thought was going to work based on a syslog.conf example I found with a web search but...all of the device logs wound up in the same file. I believe that the syslog data has the IP address and the hostname in each message so "grep" would work but I believe that using separate files is a better solution.
I'll try to get some examples of what I found and post them later and the logging devices are Cisco routers, switches and firewalls. I am using sysklogd as the logging daemon but I am open to suggestions.
Thanks for the reply and in advance for any assistance you can render,