Basically we will:
- listen on UDP port 514 on the interfaces facing the network hardware subnet and the Vigor’s subnet
- filter hosts by IP (because we are not using DNS for hardware hosts now)
- filter the Vigor by its internal router name “ITIM-office”
- put logs into:
- /var/log/remote/office/switches/$YEAR/$YEAR-$MONTH-$DAY/$HOST-$FACILITY-$YEAR$MONTH$DAY.log
- /var/log/remote/office/access_points/$YEAR/$YEAR-$MONTH-$DAY/$HOST-$FACILITY-$YEAR$MONTH$DAY.log
- /var/log/remote/office/vigor/$YEAR/$YEAR-$MONTH-$DAY/vigor-$FACILITY-$YEAR$MONTH$DAY.log
syslog-ng.conf example
# Plain UDP syslog listeners. UDP syslog carries no authentication or
# encryption, and the source address of a datagram can be forged by anything
# able to reach the listening address. Each listener is therefore bound to a
# single internal address instead of all interfaces.

# Listener on 10.0.254.1, the subnet the host() filters for switches and
# access points match (10.0.254.x).
source s_udp {
    udp(
        ip(10.0.254.1)
        port(514)
    );
};

# Second listener, on 10.0.0.2. Despite the "6" in its name this is an IPv4
# address, not an IPv6 one.
# NOTE(review): make sure at least one log statement reads from this source.
# A listener that no log path references still accepts datagrams, but they
# are never written to any destination.
source s_udp6 {
    udp(
        ip(10.0.0.2)
        port(514)
    );
};
# File destinations, one directory tree per device class.
# Files are created root:root with mode 0640 and directories with mode 0750,
# so the logs are not world-readable. Missing directories are created on
# demand (create_dirs(yes)).

# Router logs: the file name is fixed ("vigor"), so only $FACILITY and the
# date macros vary the path.
destination d_vigor {
    file(
        "/var/log/remote/office/vigor/$YEAR/$YEAR-$MONTH-$DAY/vigor-$FACILITY-$YEAR$MONTH$DAY.log"
        owner(root)
        group(root)
        perm(0640)
        dir_perm(0750)
        create_dirs(yes)
    );
};

# Switch logs: $HOST is part of the file name, so every distinct $HOST value
# produces its own file.
# NOTE(review): whether $HOST is the sender's address or a name taken from the
# message depends on global options (keep_hostname(), use_dns()) that are not
# shown in this example. Confirm it cannot be chosen by the sender, and only
# route messages here through a filter that bounds the set of hosts.
destination d_switches_o {
    file(
        "/var/log/remote/office/switches/$YEAR/$YEAR-$MONTH-$DAY/$HOST-$FACILITY-$YEAR$MONTH$DAY.log"
        owner(root)
        group(root)
        perm(0640)
        dir_perm(0750)
        create_dirs(yes)
    );
};

# Access-point logs: same layout and the same $HOST consideration as the
# switch destination.
destination d_ap_o {
    file(
        "/var/log/remote/office/access_points/$YEAR/$YEAR-$MONTH-$DAY/$HOST-$FACILITY-$YEAR$MONTH$DAY.log"
        owner(root)
        group(root)
        perm(0640)
        dir_perm(0750)
        create_dirs(yes)
    );
};
# Selects the router's messages by the name it places in the program field.
# program() is by default an unanchored regular-expression match on $PROGRAM,
# and that field is filled in by the sender. Any device able to reach the UDP
# listener can therefore emit messages that pass this filter.
# NOTE(review): consider also pinning the sender address, for example
# `program("ITIM-office") and netmask(<ROUTER_IP>/32)`. <ROUTER_IP> is a
# placeholder; the router's address is not given in this example.
filter f_vigor {
    program("ITIM-office");
};
# Host allow-lists, matched as anchored regular expressions against $HOST.
# NOTE(review): host() compares against the $HOST macro, whose content depends
# on global options not shown here (keep_hostname(), use_dns()). If it can
# come from the message header rather than the datagram's source address,
# netmask() is the filter that matches the sender's IP address directly.
# Over UDP the source address itself is still not authenticated.

# The single switch.
filter f_switches_o {
    host("^10\.0\.254\.2$");
};

# The four access points, 10.0.254.10 through 10.0.254.13.
filter f_ap_o {
    host("^10\.0\.254\.10$")
    or host("^10\.0\.254\.11$")
    or host("^10\.0\.254\.12$")
    or host("^10\.0\.254\.13$");
};
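# Router messages -> d_vigor.
# Reads from both listeners. The original statement used only s_udp
# (10.0.254.1), which left the s_udp6 listener on 10.0.0.2 without any log
# path in the statements shown: datagrams arriving there were accepted and
# then silently discarded. The text above says the router's subnet is
# listened on as well, so its listener is attached here.
# Messages still have to pass f_vigor, which matches on the sender-supplied
# program name only.
log {
    source(s_udp);
    source(s_udp6);
    filter(f_vigor);
    destination(d_vigor);
};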
# Switch messages: received on s_udp, restricted to the switch address by
# f_switches_o, written to the per-host switch files.
log { source(s_udp); filter(f_switches_o); destination(d_switches_o); };

# Access-point messages: received on s_udp, restricted to the four AP
# addresses by f_ap_o, written to the per-host access-point files.
# Messages from s_udp that match none of the filters in this example are not
# written by any of the log statements shown.
log { source(s_udp); filter(f_ap_o); destination(d_ap_o); };