An alternative, and more universal, way to do it is to use multiple IPs for the
syslog server. Then configure the correct syslog server IP on each device.
syslog-ng and others can all do filtering to different destinations
based on the IP on which the message was received.
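As an added illustration of the per-IP routing described above (this is not a config from anyone in the thread; the addresses, source/destination names and file paths are constructed), a syslog-ng configuration that binds one listener per server address and sends each listener's messages to its own file:

```conf
@version: 3.38

# One source per local address; each device group is pointed at a different IP.
# 192.0.2.10 / 192.0.2.11 are constructed example addresses.
source s_core_devices { network(ip("192.0.2.10") port(514) transport("udp")); };
source s_edge_devices { network(ip("192.0.2.11") port(514) transport("udp")); };

# Separate files so each group can be watched (or alerted on) independently.
destination d_core { file("/var/log/core-devices.log"); };
destination d_edge { file("/var/log/edge-devices.log"); };

# Routing is by the source the message arrived on, not by anything in the message,
# so a device that spoofs its hostname still lands in the file for the IP it sent to.
log { source(s_core_devices); destination(d_core); };
log { source(s_edge_devices); destination(d_edge); };
```

Because the split happens on the receiving address, it works for any device that can only be given a server IP and no other settings, which is the "universal" part; the usual caveat is that UDP syslog is unauthenticated, so the file a message lands in says where it was sent, not who sent it.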
Use 'tail -f' or similar.
The only problem with BASH-based solutions is that they are
slow. They don't scale well.
Some years ago I wrote a script that would periodically (every 5
minutes by default) grep for interesting events / filter uninteresting
events from the syslog file and email you the results. It's here if
anyone is interested: https://null.53bits.co.uk/index.php?page=sysgrep
It's OK for a small network or small number of devices but it doesn't
scale well. Having said that, it's better than nothing and costs $0
(which is exactly why I used it in the first place).
Cheers,
James.
The basic point was that you need to supply your own solution for monitoring
syslog-ng logs, be it tail or logwatch or whatever - it doesn't come with its own.
Last year I found the time to code something similar in Perl using
File::Tail; here is the outcome in case anyone is interested:
https://github.com/jkougoulos/9to5tail
Regards,
John
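The two scripts linked above (James's sysgrep and John's 9to5tail) are the thread's own; the following is an added, self-contained example of the same idea, not code from either project. It keeps a byte offset of how far it read so that each periodic run reports only new lines, greps those for an "interesting" pattern list, drops an "uninteresting" list, and resets if the file has been rotated or truncated. The patterns, file paths and sample log lines are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not sysgrep or 9to5tail): periodic grep-and-filter over a syslog file.
# Run it from cron every N minutes and pipe the output into mail(1) to get the e-mail step.

# Constructed pattern lists: what to report, and what to suppress even if it matches.
INTERESTING='failed password|link down|authentication failure|segfault'
BORING='CRON\['

# Constructed sample log and state file so the example runs offline.
LOG="${TMPDIR:-/tmp}/sysgrep-demo.log"
STATE="${TMPDIR:-/tmp}/sysgrep-demo.state"
cat > "$LOG" <<'EOF'
Mar  3 10:00:01 host1 CRON[1234]: (root) CMD (run-parts /etc/cron.hourly)
Mar  3 10:00:05 host1 sshd[2001]: Failed password for invalid user admin from 198.51.100.7 port 4444 ssh2
Mar  3 10:00:09 host1 kernel: eth1: link down
Mar  3 10:00:12 host1 sshd[2002]: Accepted publickey for ops from 192.0.2.5 port 5000 ssh2
EOF
rm -f "$STATE"

# report_new_events LOGFILE STATEFILE
# Prints lines appended since the previous run that match INTERESTING and not BORING,
# then records the current line count so the next run starts after it.
report_new_events() {
    file=$1; state=$2
    seen=0
    [ -f "$state" ] && seen=$(cat "$state")
    total=$(wc -l < "$file" | tr -d ' ')
    # Fewer lines than last time means the log was rotated or truncated: start over.
    [ "$total" -lt "$seen" ] && seen=0
    tail -n +"$((seen + 1))" "$file" \
        | grep -Ei "$INTERESTING" \
        | grep -Eiv "$BORING" || true
    echo "$total" > "$state"
}

# count_new_events LOGFILE STATEFILE: number of lines report_new_events would print.
count_new_events() {
    report_new_events "$1" "$2" | grep -c .
}

# Demo run: prints the two interesting lines, then resets the state file.
report_new_events "$LOG" "$STATE"
rm -f "$STATE"
```

A cron line such as `*/5 * * * * /usr/local/bin/sysgrep-demo.sh | mail -s "syslog events" ops@example.com` (constructed) gives the "every 5 minutes, e-mail the results" behaviour James describes; the state file is what stops the same event being mailed twice. The limitation mentioned in the thread still applies: each run re-reads the tail of the file with grep, which is fine for a handful of devices and gets slow as volume grows.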