Separating/Filtering the syslogs.

Support, Questions and Discussions on WinSyslog


Post by wwei » Thu Apr 07, 2005 7:29 pm

Hi,

Is it possible for WinSyslog to do what some other sysloggers can do in separating the syslogs? For example, on the same box:

1) All my servers send to the syslog server, and it labels it as "server_logs_date..."

2) Then network devices like routers, switches and firewalls send to the same box, and WinSyslog somehow recognizes it and puts it in a new file and calls it "networkdevices_logs_date.."

The routers/firewalls/switches really generate a huge amount of logs, and it is also good practice to separate them from the server logs because they are monitored by different people.

Thanks.
wwei
 

Post by rgerhards » Thu Apr 07, 2005 7:35 pm

Hi,

Sure, this is no problem at all. I think we even have (one of) the most flexible engines to do this [no marketing speak ;)].

It all depends on what you define in your rule set. You can take any message, filter it (e.g. against IP address, message text, tag id, etc.) and then decide what to do with it. There is no limit on the number of rules, so you can handle a very diverse set of files, databases etc. We even have an "easy" option that allows you to automatically split the incoming messages into separate files based on the IP address of the sender.

The bottom line, though, is that you look at how rules are defined. There is a lot of information in the manual and also there are samples on the web sites. If you need some specific help, let us know what exactly you would like to do and we can create a sample rule set (but this may take a day or two).

Rainer
rgerhards
Site Admin
 
Posts: 2647
Joined: Thu Feb 13, 2003 11:57 am
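
The split discussed in this thread (filter on the sender's IP address, then write to a per-group, per-day file), sketched as a stand-alone Python example. It is added here and is not WinSyslog configuration or code from either poster; the subnets, the catch-all prefix, the date format and all function names are assumptions.

```python
import ipaddress
from datetime import date

# Ordered rule set, first match wins. Prefixes follow the question above;
# the subnets are constructed sample values (assumptions).
RULES = [
    ("networkdevices_logs", ["10.0.0.0/24", "10.0.1.0/24"]),
    ("server_logs", ["10.0.10.0/23"]),
]
DEFAULT_PREFIX = "unclassified_logs"  # hypothetical catch-all for unknown senders

_COMPILED = [(p, [ipaddress.ip_network(n) for n in nets]) for p, nets in RULES]

def classify(sender_ip):
    """Map a sender address to a file prefix.

    sender_ip is the source address the receiver saw on the socket, not the
    HOSTNAME field inside the message, which the sending side chooses.
    """
    try:
        addr = ipaddress.ip_address(sender_ip)
    except ValueError:
        return DEFAULT_PREFIX
    for prefix, nets in _COMPILED:
        if any(addr in net for net in nets):
            return prefix
    return DEFAULT_PREFIX

def target_file(sender_ip, day):
    """File name in the '<group>_logs_<date>' style from the question."""
    return f"{classify(sender_ip)}_{day:%Y-%m-%d}.log"

def route(messages, day):
    """Group (sender_ip, raw_message) pairs by destination file name."""
    out = {}
    for sender_ip, raw in messages:
        # Flatten CR/LF so one datagram always yields exactly one log line.
        line = raw.replace("\r", " ").replace("\n", " ")
        out.setdefault(target_file(sender_ip, day), []).append(f"{sender_ip} {line}")
    return out

# Constructed sample input: a router, a server, and an unlisted sender that
# reuses the server's hostname and embeds a line break.
SAMPLE = [
    ("10.0.0.1", "<189>Apr  7 19:29:01 rtr1 %LINK-3-UPDOWN: Interface up"),
    ("10.0.10.5", "<38>Apr  7 19:29:02 web01 sshd[411]: session opened"),
    ("192.0.2.9", "<13>Apr  7 19:29:03 web01 test\n<38>Apr  7 19:29:03 web01 sshd: x"),
]
```

Unlisted senders land in the catch-all file rather than in either team's log, which makes new or misconfigured devices easy to spot.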
