In the following example, the customer has 4 servers, 1 firewall, and 1 L3 switch and wants to configure a different log file for each device.
We can achieve this by using Auto Split Values.
Using Auto_Split values eliminates the need to use filters and actions to split incoming messages into multiple log files.
C:\Program Files (x86)\Syslogd\Logs\SyslogCatchAll-%IPAdd4-%DateISO.txt
To use the AutoSplit values, place the cursor at the point you want to insert the new value and then click the "Insert AutoSplit value" link and choose from the menu items. The new variable will be placed at the current cursor position.
When a message is received, the variable will be replaced with a value from the message. For example %PriLevAA will be replaced with the message Priority level.
The AutoSplit values can be used anywhere within the path or log file name, as long as the result would make a valid file name.
Below we will use Host IP to split our log file. We will then have a different log file for each IP address.
Below we can see our 2 files from IP address x.x.x.176 & x.x.x.196.