Customer area
I am recommending your tools to every network admin I know.
Loading...
HOW TO: Split your log files based on different sending devices

Splitting the log files based on sending device can be done in two ways:

Freeware version using different Facilities (Recommended)

  1. Divide your sending devices into groups such has Firewalls, switches, routers, internal, external, sales etc.
  2. For each group decide on a Syslog facility to use. Recommended values are from Local0 to Local7. You can use the other facilities if you have more than eight groups.
  3. On each device configure the logging facility depending on its grouping. For a Cisco device it is just a matter of using the "Logging Facility Local0" command to set the facility level to Local0. Other network devices should allow you to specify the facility to send messages on.
  4. Inthe Kiwi Syslog Daemon | Setup, create a "Log to file" Action for each group and configure a Priority-based Filter for this action. Select only the facility you want for this group. For version 6.2.9 of Syslogd, use the level of Debug to ensure that all levels are covered for that facility. For versions 6.3.0 and above, simply select all the levels for that facility to ensure all levels are caught.
  5. The setup can be tested by using Kiwi SyslogGen available from the downloads page.

Licensed version using host IP or hostname filters

  1. Divide your sending devices into groups such has Firewalls, switches, routers, internal, external, sales etc.
  2. Make a list of the IP addresses of each of the devices you expect to receive messages from.
  3. In the Kiwi Syslog Daemon | Setup, create a "log to file" Action for each group and configure a Simple Filter and apply it to the host address for this action. Add the list of IP addresses to the simple Filter 'include' text. Each address must be contained in quotes and separated by a space.
  4. The setup can be tested by using Kiwi SyslogGen available from the downloads page.

Note: From Version 7.0.0 an auto split action is included that makes this task much simpler and quicker.

Download the latest version of Kiwi Syslog Daemon.

If you still have questions after following the instructions provided, then please use the technical support form to receive further assistance.
100 % of 3 voters found this article helpful - Did you? YES NO