Thanks Kalin<br><br>But problem is I can't modify the behaviour of the application ( application which I called a process), its almost impossible, because code is not available to me.<br>but because each process or application runs under different name, that might help me if its possible to go with regex filtering.<br><br>thanks<br><br><b><i>Kalin KOZHUHAROV <kalin.kozhuharov@jp.adecco.com></i></b> wrote:<blockquote class="replbq" style="border-left: 2px solid rgb(16, 16, 255); margin-left: 5px; padding-left: 5px;"> [fixed quoting]<br><br>Hi Jawed,<br><br>jawed abbasi wrote:<br>>> */Kalin KOZHUHAROV <kalin.kozhuharov@jp.adecco.com>/* wrote:<br>>><br>>> jawed abbasi wrote:<br>>>> Hi<br>>>><br>>>> I am wondering if there is a way to config syslog-ng so that<br>>>><br>>>> * it receives data from multiple processes running on the same<br>>>> source hosts and writting top the same port, without
using<br>>>> (facility or severity levels) and still syslog writes a separate<br>>>> logfile for each process?<br>>>><br>>> Yes, it depends.<br>>><br>>>> for example:<br>>>><br>>>> HOST A runs all follwing processes which all write to same port<br>>>> 908<br>>>><br>>>> proces A<br>>>> process b<br>>>> process c<br>>>><br>>>> but different log files are created for each process.<br>>><br>>> If you can distinguish the output of each process, syslog-ng can<br>>> also (via regex). A simple way to do that is to include PID in each<br>>> MSG (a very common approach in non-Windoze world).<br>><br>><br>> not sure what you mean include pid? how to add pid in msg? can you<br>> give me an example<br>PID is short for Process Identifier[1]. Generally, all processes in a OS<br>can obtain their PID from the OS by invoking
some function (e.g. `echo<br>$$` in bash).<br><br>The processes A,a,b above have to be modified to perpend their PID in<br>their log output. For example, an excerpt from my logs:<br><br>Jan 16 12:30:00 oss fcron[29796]: Job /usr/bin/test -x /usr/sbin/run-crons && /usr/sbin/run-crons started for user root (pid 29797)<br>Jan 16 12:40:00 oss fcron[29941]: Job /usr/bin/test -x /usr/sbin/run-crons && /usr/sbin/run-crons started for user root (pid 29942)<br><br>Note the end of the lines. You can filter things like that based on the<br>"\(pid (\d+)\)" regex if I am not wrong in the syntax.<br><br>That is it.<br><br>[1] http://en.wikipedia.org/wiki/Process_identifier<br><br>All the best,<br><br>Kalin.<br><br>-- <br>| A |<br>| D |<br>| J |<br>| P |<br>_______________________________________________<br>syslog-ng maillist - syslog-ng@lists.balabit.hu<br>https://lists.balabit.hu/mailman/listinfo/syslog-ng<br>Frequently asked questions at
http://www.campin.net/syslog-ng/faq.html<br><br></kalin.kozhuharov@jp.adecco.com></blockquote><br><p> 
<hr size=1>Everyone is raving about <a href="http://us.rd.yahoo.com/evt=45083/*http://advision.webevents.yahoo.com/mailbeta">the all-new Yahoo! Mail beta.</a>