On Thu, 18 Dec 2014, Anderson, Richard O - (ric) wrote:
I’ve inherited a log server with multiple IPs, and the current logging tool (syslog-ng) selects output files based on the IP the message was sent too (e.g., routers send logs to 1.2.3.4, computers send logs to 1.2.3.5 both of which are IPs on eth0 of the syslog server). There are sub-selections within the IP based on facility, priority, message content, and in some RARE cases the sender’s IP.Is there some way to support this scheme via rsyslog-5.8.10 on RHEL6? It looks like udp’s input() supports an address to bind too, but tcp’s input() doesn’t appear to have that option, and I’m not sure how I could leverage that to guide messages to different log files anyway.
Rsyslog doesn't have a way to look at what IP the message was delivered to (although, you are the second or third person to ask for this in the last few months, so we may need to add a property for this)
what rsyslog can do is to have multiple inputs and tell you which input was used. I don't know if you can use the same port with different IP addresses in the input declarations, or if you would have to use different ports and then use iptables to redirect traffic sent to the standard port on different IPs to different ports. I know the second approach will work, but the first is enough cleaner that it's worth trying. Make sure you are using a current version of rsyslog so you have the more modern config syntax, it makes things much more clear for messy things like this.
If there is any other way of classifying the different types of messages, rsyslog can probably support it, this is the only gap I am aware of.
David Lang
_______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
