Hi Hari<br><br>They are 3 different programs, so here is the naming convention<br><br>AP-CC-AXXXX<br><br>AP= process type<br>cc= company code<br>A= technology type<br>xxxx = host number<br><br>So on host XXXX<br><br>there are 6 processes running which always have<br>AP same<br>cc different<br>A same<br>xxxx same<br><br>So the only way I can differentiate them is by CC which is unique to all processes.<br><br>Thanks<br><br><b><i>Hari Sekhon &lt;hpsekhon@googlemail.com&gt;</i></b> wrote:<blockquote class="replbq" style="border-left: 2px solid rgb(16, 16, 255); margin-left: 5px; padding-left: 5px;"> You need a way to differentiate between the 3 processes. Are they three instances of the same program or different programs? It would help if you could give us an example of the logs.<br> <br> <br> <pre class="moz-signature" cols="72">Hari Sekhon<br></pre> <br> <br> jawed abbasi wrote: <blockquote
cite="mid20070116042112.76305.qmail@web31012.mail.mud.yahoo.com" type="cite">Thanks Kalin<br> <br> But problem is I can't modify the behaviour of the application (application which I called a process), it's almost impossible, because code is not available to me.<br> But because each process or application runs under different name, that might help me if it's possible to go with regex filtering.<br> <br> thanks<br> <br> <b><i>Kalin KOZHUHAROV <a class="moz-txt-link-rfc2396E" href="mailto:kalin.kozhuharov@jp.adecco.com"><kalin.kozhuharov@jp.adecco.com></a></i></b> wrote: <blockquote class="replbq" style="border-left: 2px solid rgb(16, 16, 255); margin-left: 5px; padding-left: 5px;"> [fixed quoting]<br> <br> Hi Jawed,<br> <br> jawed abbasi wrote:<br> >> */Kalin KOZHUHAROV <kalin.kozhuharov@jp.adecco.com>/* wrote:<br> >><br> >> jawed abbasi wrote:<br> >>> Hi<br> >>><br> >>> I am wondering if there is a way to
config syslog-ng so that<br> >>><br> >>> * it receives data from multiple processes running on the same<br> >>> source hosts and writing to the same port, without using<br> >>> (facility or severity levels) and still syslog writes a separate<br> >>> logfile for each process?<br> >>><br> >> Yes, it depends.<br> >><br> >>> for example:<br> >>><br> >>> HOST A runs all following processes which all write to same port<br> >>> 908<br> >>><br> >>> process A<br> >>> process b<br> >>> process c<br> >>><br> >>> but different log files are created for each process.<br> >><br> >> If you can distinguish the output of each process, syslog-ng can<br> >> also (via regex). A simple way to do that is to include PID in each<br> >> MSG (a very common approach in non-Windoze world).<br> ><br> ><br> > not
sure what you mean include pid? how to add pid in msg? can you<br> > give me an example<br> PID is short for Process Identifier[1]. Generally, all processes in an OS<br> can obtain their PID from the OS by invoking some function (e.g. `echo<br> $$` in bash).<br> <br> The processes A,a,b above have to be modified to prepend their PID in<br> their log output. For example, an excerpt from my logs:<br> <br> Jan 16 12:30:00 oss fcron[29796]: Job /usr/bin/test -x /usr/sbin/run-crons && /usr/sbin/run-crons started for user root (pid 29797)<br> Jan 16 12:40:00 oss fcron[29941]: Job /usr/bin/test -x /usr/sbin/run-crons && /usr/sbin/run-crons started for user root (pid 29942)<br> <br> Note the end of the lines. You can filter things like that based on the<br> "\(pid (\d+)\)" regex if I am not wrong in the syntax.<br> <br> That is it.<br> <br> [1] <a class="moz-txt-link-freetext"
href="http://en.wikipedia.org/wiki/Process_identifier">http://en.wikipedia.org/wiki/Process_identifier</a><br> <br> All the best,<br> <br> Kalin.<br> <br> -- <br> | A |<br> | D |<br> | J |<br> | P |<br> _______________________________________________<br> syslog-ng maillist - <a class="moz-txt-link-abbreviated" href="mailto:syslog-ng@lists.balabit.hu">syslog-ng@lists.balabit.hu</a><br> <a class="moz-txt-link-freetext" href="https://lists.balabit.hu/mailman/listinfo/syslog-ng">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br> Frequently asked questions at <a class="moz-txt-link-freetext" href="http://www.campin.net/syslog-ng/faq.html">http://www.campin.net/syslog-ng/faq.html</a><br> <br> </kalin.kozhuharov@jp.adecco.com></blockquote> <br> <div> </div> <pre wrap=""><hr size="4"
width="90%"> </pre> </blockquote> </blockquote><br><p> 
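<p>An added example, not part of the original thread and not taken from the syslog-ng project: one way to split the port-908 stream into one file per company code using program() regex filters. It assumes the senders use UDP and that the AP-CC-AXXXX name arrives as the program tag of each syslog message; the company codes AB and CD and all file paths are constructed placeholders.</p>

```conf
# Added example; AB/CD and all paths are constructed placeholders.
# Assumption: senders use UDP and put AP-CC-AXXXX in the syslog program tag.
source s_apps { udp(ip(0.0.0.0) port(908)); };

# One filter per company code (the only field that differs between processes).
# Anchored with ^ and $ so only the full AP-CC-AXXXX form matches.
filter f_cc_ab { program("^AP-AB-A[0-9]+$"); };
filter f_cc_cd { program("^AP-CD-A[0-9]+$"); };

# Fixed file names: nothing taken from the received message ends up in a path,
# so a sender cannot influence which files syslog-ng creates.
destination d_cc_ab { file("/var/log/apps/AP-AB.log"); };
destination d_cc_cd { file("/var/log/apps/AP-CD.log"); };
destination d_unmatched { file("/var/log/apps/unmatched.log"); };

log { source(s_apps); filter(f_cc_ab); destination(d_cc_ab); };
log { source(s_apps); filter(f_cc_cd); destination(d_cc_cd); };
# Repeat the filter/destination/log triple for each remaining company code.

# Anything on port 908 that no statement above accepted is kept for review.
log { source(s_apps); destination(d_unmatched); flags(fallback); };
```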