[tclug-list] need syslog help

[Justin Krejci]

On Tuesday 16 May 2006 10:54 am, Raymond Norton wrote:
> I am logging local7.info on 20 routers.Is there an open source syslog
> viewer that can filter by source IP. Secondly, is there a good link that
> shows how to setup syslog, so it creates separate log files for each
> router?
>

syslog-ng is very flexible

Something like this might be what you want/need. 

filter f_host1  { facility(local7) and host("host1"); };
filter f_host2  { facility(local7) and host("host2"); };

destination host1 { file("/var/log/host1"); };
log { source(src); filter(f_host1); destination(host1); };

destination host2 { file("/var/log/host2"); };
log { source(src); filter(f_host2); destination(host2); };



If you don't have DNS setup for your hosts, just add them to /etc/hosts on 
your syslog server.