Hello. There is a host, and data (logs) from the router is sent to this host over IP. syslog-ng runs on the host and writes everything that arrives to a file. P.S. The router does not write its data in the log.

Example


Question: Is it possible to somehow identify the sender on the server, for example by IP? If so, how? Or maybe there are other methods?

Any advice would be helpful! Thanks.

  • It’s almost certainly possible; my rsyslog’s collection of individual messages from individual hosts is configured as follows. For syslog-ng I won’t say how, but it should be possible to specify it somewhere in the destination... If you give an example of your config and how you want to distribute the logs, most likely I can write something... - Fat-Zer

1 answer

Fat-Zer, thanks for the hint. After a little more googling I found the answer: `$FULLHOST_FROM` returns the IP address of the sender.

 `destination sec_log { file('/var/log/$FULLHOST_FROM.log'); }; # creates the file (destination)`
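
For context, a complete syslog-ng configuration built around that destination, as an added example that is not part of the original answer. The `@version` value, the source name `s_router`, UDP port 514 and the `/var/log/remote/` directory are assumptions; `$FULLHOST_FROM` expands to the peer's address only while name resolution is off, otherwise it is the resolved hostname.

```conf
# Added example. Adjust @version to the installed syslog-ng release (assumed value).
@version: 3.38

options {
    # No reverse DNS lookups: $FULLHOST_FROM stays the numeric address
    # of the peer the datagram actually came from.
    use_dns(no);
    # Do not trust the hostname field inside the message; $HOST is
    # rewritten from the connection instead of sender-supplied text.
    keep_hostname(no);
};

# Assumed listener: the router sends plain syslog over UDP/514.
source s_router {
    network(ip("0.0.0.0") transport("udp") port(514));
};

# One file per sender. The macro comes from the transport layer,
# not from message content, so a device cannot pick its own file name
# by forging the header hostname.
destination sec_log {
    file("/var/log/remote/$FULLHOST_FROM.log"
         create_dirs(yes)
         perm(0640));
};

# Alternative that is always the numeric source address,
# regardless of the use_dns() setting.
destination sec_log_by_ip {
    file("/var/log/remote/$SOURCEIP.log" create_dirs(yes) perm(0640));
};

log { source(s_router); destination(sec_log); };
```

With UDP the source address itself is unauthenticated, so the per-sender file names identify where a datagram claims to come from at the IP layer, not a verified device.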