syslog-ng 日誌發送到多個目的地

我將遠端 nginx 系統日誌發送到我的 syslog-ng 伺服器上的 /var/log/nginx 和 /var/log/splunk。我怎樣才能讓它去/var/log/nginx？

#/etc/syslog-ng/syslog-ng.conf
source s_sys {
   system();
   internal();
   udp(ip(0.0.0.0) port(514));
};

destination d_splunk { file("/var/log/splunk/$HOST-$PROGRAM-$YEAR-$MONTH-$DAY.log"); };
destination d_nginx { file("/var/log/nginx/$HOST-$PROGRAM-$YEAR-$MONTH-$DAY.log"); };

filter f_nginx   { program(nginx); };
filter f_default    { level(info..emerg) and
                       not (facility(mail)
                       or facility(authpriv)
                       or facility(cron)); };

log { source(s_sys); filter(f_nginx); destination(d_nginx); };
log { source(s_sys); destination(d_splunk); };

在 nginx 日誌路徑中使用“final”標誌：

log { source(s_sys); filter(f_nginx); destination(d_nginx); flags(final); };

有關詳細資訊，請參閱https://syslog-ng.com/documents/html/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/reference-logflags.html

引用自：https://serverfault.com/questions/893790