0

I have syslog-ng on Ubuntu 12.4 to store mikrotik router logs. At a moment its working fine and log gets stored in a file i set. Howto add store logs in a file/folder according to source IP so that each log file name may contain month year as well auto. My current config is as follows.

# Accept connection on UDP
source s_net { udp (); };
# Add Filter to add our mikrotik
filter f_mikrotik { host( "10.0.0.1" ); };
# Add destination file where logs will be stored
destination df_mikrotik { file("/var/log/mikrotik/mikrotik.log"); };
log { source ( s_net ); filter( f_mikrotik ); destination ( df_mikrotik ); };
stambata
  • 1,598
  • 3
  • 13
  • 18
Syed Jahanzaib
  • 169
  • 2
  • 11

1 Answers1

1

You want to use macros in your destination path or filename, for example: file("/var/log/${YEAR}.${MONTH}.${DAY}/messages"

For details, see the list of syslog-ng macros

Robert Fekete
  • 542
  • 1
  • 3
  • 6
  • Ok now syslog is making files by year/date, bu tthe problem is that when logrotate runs, it compress the file with same name with zero byte. Example: `-rw-r----- 1 root adm 0 Jun 18 00:10 mikrotik.2016.06.16.log -rw-r----- 1 root adm 210K Jun 16 23:59 mikrotik.2016.06.16.log.1.gz -rw-r----- 1 root adm 0 Jun 18 00:10 mikrotik.2016.06.17.log -rw-r----- 1 root adm 580K Jun 17 23:59 mikrotik.2016.06.17.log.1.gz -rw-r----- 1 root adm 0 Jun 19 00:02 mikrotik.2016.06.18.log -rw-r----- 1 root adm 852K Jun 18 23:59 mikrotik.2016.06.18.log.1.gz` – Syed Jahanzaib Jun 22 '16 at 08:23
  • I have following syslog-ng config for logrotate `root@ubuntu:/var/log/mikrotik# cat /etc/logrotate.d/syslog-ng /var/log/mikrotik/*.log { daily rotate 90 missingok compress notifempty missingok # invoke-rc.d syslog-ng reload > /dev/null sharedscripts /etc/init.d/syslog-ng restart endscript }` – Syed Jahanzaib Jun 22 '16 at 08:26