-
Title
Sending messages from the same source to different destinations. (Syslog-ng PE) -
Description
In a situation where messages are received in from a number of different hosts through the same source there may be a requirement to send the messages to different destinations depending on hostname
-
Cause
By design -
Resolution
In the following examples messages are received into the syslog-ng server from two different appliances called “dc1” and “dc2”. The source driver for both appliances is the same.
Resolution 1.
The easiest way to separate the messages by hostname is to send logs to a destination with the hostame in the file name as in the following example.
log {
source(s_common);
destination {file("/var/log/syslog_destination/messages.${HOST}.log");};
};
Resolution 2.
If having the hostname as part of the destination file name is not desirable, then filters can be used to separate the messages before sending them to their respective destinations.
The following configuration sends the messages from “dc1” to a file called “messages.a.log” and from “dc2” they go to “messages.b.log”.
log {
source(s_common);
filter { host("dc1") };
destination {file("/var/log/messages.a.log");};
log {
filter { host("dc2") };
destination {file("/var/log/messages.b.log");};
};
};
-
Additional Information
Please note that above configurations apply equally to logstores as well as destination files.