>> >> you can filter on anything else (a very common thing is to filter on the > programname), which is far more powerful. >> >> When you deliver logs between machines you can even filter on multiple > conditions, so you can filter on the combination of hostname and > programname. >> >> David Lang >> > > I am receiving logs from around 200 network elements. > > How do I start a second rsyslogd? Is it some parameter in config file where > I can define a second IP to bind to like in syslog-ng?
I agree with David that using programname and templates is the way to go. However, if you wanted to to manually split everything up you could consider creating rulesets and binding them to ports. A good approach would be to configure rsyslog once with dynamic templates using hostname or ip or programname; then, if you add more network elements, you do not have to restart or touch rsyslog. _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
