[syslog-ng] rsyslog to syslog-ng
Evan Rempel
erempel at uvic.ca
Thu May 22 17:24:57 CEST 2008
Personally I would use the configuration of postgresql to make the two
log streams distinguishable from one another.
Postgresql has three settins
log_destination=syslog
syslog_facility=local0
syslog_ident=postgres-instance
I would use the syslog_ident setting to place a distinct PROGRAM name onto
the log message from each postgresql server. Then you can use
the program filter of syslog-ng to filter them out and place them into individual files.
If you can't get the postgresql administrators to change these settings, then you could
resort to a combonation of syslog-ng filters
filter f_postgres1 { program(^postgres$) and host(^host1$); };
filter f_postgres2 { program(^postgres$) and host(^host2$); };
Evan Rempel.
Robert Shaw wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi,
>
> I'm having a problem with logs from rsyslog to syslog-ng can't detect
> facility so I can't separate applications, this is important, mostly
> because we have 2 instances of postgres that need to be in separate
> logfiles.
>
> So instead of having pgsql0 and pgsql1 files created its all dumped into
> syslog, so we can't differentiate between the two postgres instances.
>
> The syslog-ng instance is our central logging host, and the reason we
> are using rsyslog is because one of our specific applications needs it.
>
> I hope these config files help, I really need to get this sorted, if
> anyone could help it would be great
>
> rsyslog.conf
>
> # PostgreSQL logging stuff
> local0.* @loghost;RSYSLOG_TraditionalFileFormat
> local1.* @loghost;RSYSLOG_TraditionalFileFormat
>
>
> syslog-ng.conf
> options
> {
> chain_hostnames(no);
> create_dirs (yes);
> dir_perm(0755);
> keep_hostname(yes);
> log_fifo_size(1024);
> perm(0644);
> sync(0);
> time_reopen (10);
> use_dns(yes);
> use_fqdn(yes);
> sync(0);
> };
>
>
> # Local logging and getting logs from remote via UDP
> source net
> {
> udp();
> tcp(port(5140) keep-alive(yes));
> };
>
> destination net_log {
> file("/var/log/hosts/${HOST}/${YEAR}/${MONTH}/${DAY}/syslog"); };
> destination pgnet_log0 {
> file("/var/log/hosts/${HOST}/${YEAR}/${MONTH}/${DAY}/pgsql0"); };
> destination pgnet_log1 {
> file("/var/log/hosts/${HOST}/${YEAR}/${MONTH}/${DAY}/pgsql1"); };
>
> filter f_pgsql0 { facility(local0); };
> filter f_pgsql1 { facility(local1); };
>
> log { source(net); filter(f_pgsql0); destination(pgnet_log0); };
> log { source(net); filter(f_pgsql1); destination(pgnet_log1); };
>
> log { source(net); destination(net_log); };
>
>
> Cheers,
> Rob Shaw
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iQEVAwUBSDUKu3LIVYILPVW0AQL9JAf9E28U7AQK25o9FwAd4xVb11GObxuZkusu
> q/IwL/+92LDB97PQ1fB9fdLUmP7MABYk+N6+kohrCJtWM+TpY5OoUBt0kE6PMBI7
> Nj5GVi/IlkRMCTHrVlsNdfcciQeY2+WPlJAtFJJbwIA+kzj0O/keG6lSpFcfZ0BN
> Eg536qlaOLVHQIUq7N8NzjZTkLr2FkAxEMVfOKpOryDjuTcnyrdmZ5iqx7n+nY4y
> VPtQW1mNwTs9BRf80g/Vx+DzNdoK0MbXKTogkMSNBoNSia8tvatA7CW+45TO3ucG
> gwo4KtRlS5BgRS++cMgmFwkDSPiI4cNYDGrAMWwch8o2yqSyIXf8Cw==
> =Tfas
> -----END PGP SIGNATURE-----
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.campin.net/syslog-ng/faq.html
>
--
Evan Rempel erempel at uvic.ca
Senior Programmer Analyst 250.721.7691
Computing Services
University of Victoria
More information about the syslog-ng
mailing list