ansible_cache/dnaclab_linux/roles/services/files/syslog-ng-network-devices.conf

#Options

options {
        create-dirs(yes);
        owner(administrator);
        group(administrator);
        perm(0640);
        dir-owner(administrator);
        dir-group(administrator);
        dir-perm(0750);
};

#Sources

source s_regular { tcp(port(5140)); };
source s_cisco { tcp(port(5141) flags(no-parse,store-raw-message)); };
source s_servers { tcp(port(5142) flags(no-parse,store-raw-message)); };

#Templates

template t_jsonfile {
    template("$(format-json --scope rfc5424 --scope dot-nv-pairs --rekey .* --shift 1 --scope nv-pairs --key ISODATE)\n");
};

#Parsers

parser p_cisco { cisco-parser(); };

#Destinations

destination d_raw {
    file("/home/administrator/Desktop/SYSLOG/RAW_LOGS/$HOST-$YEAR-$MONTH-$DAY.log" template("${RAWMSG}\n"));
};
destination d_from_cisco {
    file("/home/administrator/Desktop/SYSLOG/CISCO_DEVICES/$HOST-$YEAR-$MONTH-$DAY.log" template(t_jsonfile));
};
destination d_from_servers {
    file("/home/administrator/Desktop/SYSLOG/SERVERS/$HOST-$YEAR-$MONTH-$DAY.log" );
};

#Loggers

log {
    source(s_regular);
    destination(d_raw);
};
log {
    source(s_cisco);
    parser(p_cisco);
    destination(d_from_cisco);
};
log {
    source(s_servers);
    destination(d_from_servers);
};