The unix team is starting to build a new centralized log server. They want to change all the Cisco logs to use local6. Thats ok, BUT, there is another group that I also send logs to that use the standard local7 on their log server. So, is there a way I can send logs using local6 to x.x.x.x, and use local7 for y.y.y.y, or is it an all or nothing situation?
Have you considered using syslog-ng? You will not be limited by facility. Within the syslog-ng.conf file you can define which logs go where. For example, I have a number of firewalls, routers and switches. I log my firewalls to separate files, all routers to one file and all switches to one file. The syslog-ng.conf file looks at the source IP address or domain name and determines where to put the log (the file name).