如果服务器分配了两个接口 .234 和 .235,我如何创建过滤器来分离传入的消息?
此配置仅输出到一个文件夹
---- 列出接口 ----
eth0:234 - 10.10.10.234
eth0:235 - 10.10.10.235
---- 系统日志-ng.conf ----
source s_net_234 {
syslog(ip(10.10.10.234) port(514) max-connections(300) transport("udp"));
};
source s_net_235 {
syslog(ip(10.10.10.235) port(514) max-connections(300) transport("udp"));
};
destination d_switches_hosts.235 {
file("/var/log/HOSTS/switches.235/$HOST_FROM/$YEAR$MONTH$DAY.log" };
destination d_switches_hosts.234 {
file("/var/log/HOSTS/switches.234/$HOST_FROM/$YEAR$MONTH$DAY.log" };
filter f_switches234 { (source(s_net_234)) };
filter f_switches235 { (source(s_net_235)) };
log { source(s_net_234);
destination(d_switches_hosts.234);
flags(final);
};
log { source(s_net_235);
destination(d_switches_hosts.235);
flags(final);
};