[syslog-ng] syslog configuration

jawed abbasi jabbasi at yahoo.com
Tue Jan 16 14:33:39 CET 2007


Hi Hari

they are 3 different programs, so here is the naming convention

AP-CC-AXXXX

AP= process type
cc= company code
A= technology type
xxxx = host number

So on host XXXX

there are 6 processes running which always have
AP same
cc different
A same
xxxx same

So the only way I can differentiate them is by CC which is unique to all processes.

Thanks

Hari Sekhon <hpsekhon at googlemail.com> wrote:

 you need a way to differentiate between the 3 processes. Are they three instances of the same program or different programs? It would help if you could give us an example of the logs.
 
 
 
Hari Sekhon

 
 
 jawed abbasi wrote: Thanks Kalin
   
 But problem is I can't modify the behaviour of the application (application which I called a process), it's almost impossible, because code is not available to me.
 but because each process or application runs under different name, that might help me if it's possible to go with regex filtering.
   
 thanks
   
   Kalin KOZHUHAROV <kalin.kozhuharov at jp.adecco.com> wrote:    [fixed quoting]
     
 Hi Jawed,
     
 jawed abbasi wrote:
 >> */Kalin KOZHUHAROV /* wrote:
 >>
 >> jawed abbasi wrote:
 >>> Hi
 >>>
 >>> I am wondering if there is a way to config syslog-ng so that
 >>>
 >>> * it receives data from multiple processes running on the same
 >>> source hosts and writing to the same port, without using
 >>> (facility or severity levels) and still syslog writes a separate
 >>> logfile for each process?
 >>>
 >> Yes, it depends.
 >>
 >>> for example:
 >>>
 >>> HOST A runs all following processes which all write to same port
 >>> 908
 >>>
 >>> process A
 >>> process b
 >>> process c
 >>>
 >>> but different log files are created for each process.
 >>
 >> If you can distinguish the output of each process, syslog-ng can
 >> also (via regex). A simple way to do that is to include PID in each
 >> MSG (a very common approach in non-Windoze world).
 >
 >
 > not sure what you mean include pid? how to add pid in msg? can you
 > give me an example
 PID is short for Process Identifier[1]. Generally, all processes in an OS
 can obtain their PID from the OS by invoking some function (e.g. `echo
 $$` in bash).
     
 The processes A,a,b above have to be modified to prepend their PID in
 their log output. For example, an excerpt from my logs:
     
 Jan 16 12:30:00 oss fcron[29796]: Job /usr/bin/test -x /usr/sbin/run-crons && /usr/sbin/run-crons started for user root (pid 29797)
 Jan 16 12:40:00 oss fcron[29941]: Job /usr/bin/test -x /usr/sbin/run-crons && /usr/sbin/run-crons started for user root (pid 29942)
     
 Note the end of the lines. You can filter things like that based on the
 "\(pid (\d+)\)" regex if I am not wrong in the syntax.
     
 That is it.
     
 [1] http://en.wikipedia.org/wiki/Process_identifier
     
 All the best,
     
 Kalin.
     
 -- 
 | A |
 | D |
 | J |
 | P |
 _______________________________________________
 syslog-ng maillist - syslog-ng at lists.balabit.hu
 https://lists.balabit.hu/mailman/listinfo/syslog-ng
 Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
     
        
    
   
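One way to do the regex filtering discussed in this thread, shown as an added example that is not part of any poster's message or of the syslog-ng documentation. It assumes the AP-CC-AXXXX name arrives as the syslog program tag, that the senders use UDP on port 908, and that the object names and paths below (s_app, f_app, /var/log/apps) are free to choose.

```conf
# Added example. Assumptions: the process name AP-CC-AXXXX is sent as the
# syslog program tag, transport is UDP, and all names and paths are made up.
source s_app { udp(ip(0.0.0.0) port(908)); };

# Accept only tags that fit the naming convention. The character classes
# allow no "/" or ".", so a sender cannot steer $PROGRAM to another path.
filter f_app { program("^AP-[A-Za-z0-9]+-A[0-9]+$"); };

# One file per process: $PROGRAM expands to the tag of each message,
# so a new company code gets its own file without a config change.
destination d_app { file("/var/log/apps/$PROGRAM.log" perm(0640)); };

# Messages with any other tag end up in one fixed file for review.
destination d_other { file("/var/log/apps/unmatched.log" perm(0640)); };

log { source(s_app); filter(f_app); destination(d_app); };

# fallback: this path only receives messages no other log path matched.
log { source(s_app); destination(d_other); flags(fallback); };
```

The filter uses POSIX character classes such as [0-9] so it does not depend on which regex syntax the installed syslog-ng version supports.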