Multiple syslog-ng destination loghosts
Posted
by
pablo808
on Server Fault
See other posts from Server Fault
or by pablo808
Published on 2013-11-07T00:51:11Z
Indexed on
2013/11/07
3:59 UTC
Read the original article
Hit count: 571
I am currently forwarding logs to one remote destination loghost.
filter f_windows { program("Security-Audit*"); };
log { source(r_sys); filter(f_windows); destination(d_windows); };
log { source(r_sys); filter (f_windows); destination(d_loghost); };
I would like to forward these logs to two additional remote destination loghost's.
The manual defines destination syntax as:
destination <identifier> {
destination-driver(params); destination-driver(params); ... };
Tried these different configs:
Define additional destinations hosts in d_loghost:
destination d_loghost { udp("server1" port(514)); udp("server2" port(514)); udp("server3" port(514));};
filter f_windows { program("Security-Audit*"); };
log { source(r_sys); filter (f_windows); destination(d_loghost); };
Define addtional destination hosts in their own d_loghost definitions:
destination d_loghost1 { udp("server1" port(514));
destination d_loghost2 { udp("server2" port(514));
destination d_loghost3 { udp("server3" port(514));
filter f_windows { program("Security-Audit*"); };
log { source(r_sys); filter (f_windows); destination(d_loghost1); };
log { source(r_sys); filter (f_windows); destination(d_loghost2); };
log { source(r_sys); filter (f_windows); destination(d_loghost3); };
Both fail unfortuantly, what am I missing?
Thanks.
© Server Fault or respective owner