From: Jeffrey Goldberg
To: Paul Halliday
Cc: questions@freebsd.org
Date: Thu, 26 Feb 2009 09:27:50 -0600
Subject: Re: Can stock syslog do hostA -> fileA?

On Feb 26, 2009, at 8:19 AM, Paul Halliday wrote:

> I am collecting syslogs from a PIX and a couple of Barracudas. It
> would be a lot easier for each to have their own logfile. I have been
> poking around a bit; I saw this one:
>
> +host1 /var/log/host1
>
> but it doesn't appear to work.

Years ago I tried and failed at the same. Since then, I've moved to
syslog-ng, which I've been extremely happy with.

Here is the bit in my syslog-ng.conf file for logging things from remote
hosts:

# for stuff from remote hosts:
destination hosts {
    file("/var/log/HOSTS/$HOST/$YEAR/$MONTH/$DAY/$FACILITY-$YEAR$MONTH$DAY"
         owner(daemon) group(wheel)
         dir_owner(daemon) dir_group(wheel)
         perm(0640) dir_perm(0750)
         create_dirs(yes));
};

# s_udp is a source defined elsewhere in syslog-ng.conf (not shown here)
log { source(s_udp); destination(hosts); };

Cheers,

-j

-- 
Jeffrey Goldberg http://www.goldmark.org/jeff/
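
An added example, not part of the original message and not syslog-ng code: a small Python model of how the destination template above expands, showing which per-host, per-day file each incoming message would land in. The function names, the hostname check and the sample messages are assumptions made for this example; the host value is passed in as the receiver determined it.

```python
import re
from datetime import date
from string import Template

# Destination template from the message above.
TEMPLATE = Template(
    "/var/log/HOSTS/$HOST/$YEAR/$MONTH/$DAY/$FACILITY-$YEAR$MONTH$DAY")

# Conventional syslog facility names, indexed by facility code (PRI >> 3).
# Codes 12-15 have no single agreed name, so this model uses the number.
FACILITIES = (["kern", "user", "mail", "daemon", "auth", "syslog", "lpr",
               "news", "uucp", "cron", "authpriv", "ftp"]
              + [str(n) for n in range(12, 16)]
              + [f"local{n}" for n in range(8)])

PRI_RE = re.compile(r"<(\d{1,3})>")
# Assumption of this example: accept only plain host names or IPv4
# addresses, because the value becomes a directory name that
# create_dirs(yes) will create on demand.
HOST_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9.-]*")


def facility_of(raw: str) -> str:
    """Return the facility name encoded in the <PRI> prefix of a message."""
    m = PRI_RE.match(raw)
    if m is None or int(m.group(1)) > 191:
        raise ValueError("missing or out-of-range <PRI> prefix")
    return FACILITIES[int(m.group(1)) >> 3]


def log_path(host: str, raw: str, received: date) -> str:
    """Expand the template for one message from `host` on day `received`."""
    if HOST_RE.fullmatch(host) is None or ".." in host:
        raise ValueError(f"refusing host value {host!r} as a path component")
    return TEMPLATE.substitute(
        HOST=host, FACILITY=facility_of(raw), YEAR=f"{received.year:04d}",
        MONTH=f"{received.month:02d}", DAY=f"{received.day:02d}")


# Constructed sample messages (not real device output).
SAMPLES = [
    ("pix1", "<166>%PIX-6-302013: Built outbound TCP connection"),
    ("barracuda1", "<22>inbound/pass1: scan complete"),
    ("barracuda2", "<22>inbound/pass1: scan complete"),
]

if __name__ == "__main__":
    for host, raw in SAMPLES:
        print(log_path(host, raw, date(2009, 2, 26)))
```

Each sending host gets its own directory tree, and within a day each facility gets its own file, so the PIX and the two Barracudas never share a logfile.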