Config.xml (Example) since 1.056
Description per Tag Configuration example in a switched network
| Tag | Description | Possible Values | ParentTag | |
| output_screen | If this value is set True, Syslserve will also output to the console screen. If False this will not happen. |
True / False | settings | |
| raw | If this value is set True, Syslserve will store the messages as they come in without any addiitional information, like date/time. |
True / False | settings | |
| filesize | The Maximum filesize of a log file |
greater than 0 | settings | |
| output_dir | The output dir is the root directory of the location where the log files are stored. Futher seperation will be defined in the maps. |
settings | ||
| port | The Port where syslserve is listening on for incoming messages, by default this is 514. |
0 - 65535 | settings | |
| maps | In maps it is possible to define groups and combine logs based on IP. | |||
| group | maps | |||
| Properties | ||||
| name | name defines the name of the group. The name of the group will be used for naming the subfolder below the root folder , defined in the setting: output_dir. | |||
| ip | Contains the IP Address of a device. The IP's that are defined within the group are the devices that have there logs stored in the same group file(s). Rotation settings are applied for all groups the same way. Devices that aren't defined within any group are by default stored in their on folder with the IP-address as the folder name. |
group | ||
Syslserve Server settings:
<settings>
<output_screen> False </output_screen>
<raw> False </raw>
<filesize> 1024 </filesize>
<output_dir> c:\output </output_dir>
<port> 514 </port>
</settings>
<maps>
<group name="serverpark">
<ip>192.168.7.2</ip>
<ip>192.168.7.3</ip>
</group>
<group name="routers">
<ip>192.168.7.254</ip>
</group>
<group name="workstations">
<ip>192.168.7.101</ip>
<ip>192.168.7100</ip>
</group>
</maps>
In this example their are 3 groups defined namely: serverpark, routers and workstations .
For example: if a syslog message would be received that is coming from Server A with the ip 192.168.7.2 it will be stored in the logs that are in the directory C:\output\serverpark\
You can have as many groups as you like and name them as you wish. Also their is no limitation to the amount of IP's you can put in the group.
Syslog messages are not routed out of this network by RouterA. So you won't receive syslog message from the internet nor your syslog messages are sended out to the internet.
Client configuration:
Two ways in configuring the syslog clients
Using the Ip-Address of the Syslog Server
The most straight forward approach on configuring the syslog server and clients. Clients set their host address to: 192.168.7.3 and the port 514.
Using the network-address, broadcasting the syslog messages
You can also use the network-address. In above example we have a subnetmask 255.255.255.0 . Our network-address is: 192.168.7.255. This address we can use configuring the syslog clients instead of 192.168.7.3. The syslog message will get broadcasted through the whole network. It's a bit less efficient because it generates more traffic. On the other hand, the syslog server might be a bit more invisible or you can have multiple syslog servers receiving duplicate messages.