Multiple syslog-ng destination loghosts

Posted by pablo808 on Server Fault
Published on 2013-11-07T00:51:11Z Indexed on 2013/11/07 3:59 UTC

I am currently forwarding logs to one remote destination loghost.

filter f_windows { program("Security-Audit*"); };
log { source(r_sys); filter(f_windows); destination(d_windows); };
log { source(r_sys); filter (f_windows); destination(d_loghost); };

I would like to forward these logs to two additional remote destination loghosts.

The manual defines destination syntax as:

destination <identifier> { 
                destination-driver(params); destination-driver(params); ... };

Tried these different configs:

Define additional destination hosts in d_loghost:

destination d_loghost { udp("server1" port(514)); udp("server2" port(514)); udp("server3" port(514));};
filter f_windows { program("Security-Audit*"); };
log { source(r_sys); filter (f_windows); destination(d_loghost); };

Define additional destination hosts in their own d_loghost definitions:

destination d_loghost1 { udp("server1" port(514)); 
destination d_loghost2 { udp("server2" port(514));
destination d_loghost3 { udp("server3" port(514));
filter f_windows { program("Security-Audit*"); };
log { source(r_sys); filter (f_windows); destination(d_loghost1); };
log { source(r_sys); filter (f_windows); destination(d_loghost2); };
log { source(r_sys); filter (f_windows); destination(d_loghost3); };

Both fail, unfortunately. What am I missing?

Thanks.
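
An added example, not part of the original post: a complete configuration that forwards the filtered messages to three loghosts from a single log path. As posted, the three destination lines in the second attempt have no closing "};"; here every statement is terminated. The @version line and the r_sys source definition are assumptions, since the post does not show them.

```conf
# Added example; constructed, not from the original post.
# Assumption: set @version to match the installed syslog-ng release.
@version: 3.5

# Assumption: r_sys is not shown in the post; a UDP listener stands in for it.
source r_sys { udp(ip("0.0.0.0") port(514)); };

# One destination statement per loghost. Each statement needs its own
# closing "};" before the next statement begins.
destination d_loghost1 { udp("server1" port(514)); };
destination d_loghost2 { udp("server2" port(514)); };
destination d_loghost3 { udp("server3" port(514)); };

# Filter taken from the post.
filter f_windows { program("Security-Audit*"); };

# A single log path may reference several destinations; each matching
# message is delivered to every destination listed.
log {
    source(r_sys);
    filter(f_windows);
    destination(d_loghost1);
    destination(d_loghost2);
    destination(d_loghost3);
};
```

Running `syslog-ng --syntax-only --cfgfile <path>` parses the file and reports errors without starting the daemon. UDP forwarding is unacknowledged, so messages sent to a loghost that is down are lost silently.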
