anthony<br><br>does this matching or filtering costs in terms of CPU and MEM.<br>I mean if I use this will it raise CPU usage drastically.<br>My applications are logging hogs, just to give you idea that just <br><br>programA generate few 100 MB in an hour.<br><br>will you be able to point me to some more reading material regarding this match and filter I have got involved lately with syslog-ng, so I am not wel versed with syslog-ng.<br>also i have heard about using macros, Is this match and filter utility a type of Macro?<br><br>thanks<br><br><b><i>anthony lineham <anthony.lineham@alliedtelesis.co.nz></i></b> wrote:<blockquote class="replbq" style="border-left: 2px solid rgb(16, 16, 255); margin-left: 5px; padding-left: 5px;"> Sorry, I just realised your log messagess are coming from a different<br>device so, as someone else<br>has said, use the match() utility instead.<br><br>Anthony<br> <br>>>> "anthony lineham" <anthony.lineham@alliedtelesis.co.nz>
01/17/07<br>8:56 AM >>> <br>Hi Jawad,<br><br>Have you considered using the program name filter utility? <br>eg:<br>filter f_appA { program(appA); };<br><br> I'm using it in my current application and it seems to work very<br>nicely.<br><br>Regards<br>Anthony<br><br>>>> jawed abbasi <jabbasi@yahoo.com> 16/01/2007 5:21 p.m. >>><br>Thanks Kalin<br><br>But problem is I can't modify the behaviour of the application (<br>application which I called a process), its almost impossible, because<br>code is not available to me.<br>but because each process or application runs under different name,<br>that<br>might help me if its possible to go with regex filtering.<br><br>thanks<br><br>Kalin KOZHUHAROV <kalin.kozhuharov@jp.adecco.com> wrote: [fixed<br>quoting]<br><br>Hi Jawed,<br><br>jawed abbasi wrote:<br>>> */Kalin KOZHUHAROV /* wrote:<br>>><br>>> jawed abbasi wrote:<br>>>> Hi<br>>>><br>>>> I am wondering if there
is a way to config syslog- ng so that<br>>>><br>>>> * it receives data from multiple processes running on the same<br>>>> source hosts and writting top the same port, without using<br>>>> (facility or severity levels) and still syslog writes a separate<br>>>> logfile for each process?<br>>>><br>>> Yes, it depends.<br>>><br>>>> for example:<br>>>><br>>>> HOST A runs all follwing processes which all write to same port<br>>>> 908<br>>>><br>>>> proces A<br>>>> process b<br>>>> process c<br>>>><br>>>> but different log files are created for each process.<br>>><br>>> If you can distinguish the output of each process, syslog- ng can<br>>> also (via regex). A simple way to do that is to include PID in each<br>>> MSG (a very common approach in non- Windoze world).<br>><br>><br>> not sure what you
mean include pid? how to add pid in msg? can you<br>> give me an example<br>PID is short for Process Identifier[1]. Generally, all processes in a<br>OS<br>can obtain their PID from the OS by invoking some function (e.g. `echo<br>$$` in bash).<br><br>The processes A,a,b above have to be modified to perpend their PID in<br>their log output. For example, an excerpt from my logs:<br><br>Jan 16 12:30:00 oss fcron[29796]: Job /usr/bin/test - x<br>/usr/sbin/run- crons && /usr/sbin/run- crons started for user root<br>(pid<br>29797)<br>Jan 16 12:40:00 oss fcron[29941]: Job /usr/bin/test - x<br>/usr/sbin/run- crons && /usr/sbin/run- crons started for user root<br>(pid<br>29942)<br><br>Note the end of the lines. You can filter things like that based on<br>the<br>"\(pid (\d+)\)" regex if I am not wrong in the syntax.<br><br>That is it.<br><br>[1] http://en.wikipedia.org/wiki/Process_identifier <br><br>All the best,<br><br>Kalin.<br><br>-- <br>| A |<br>| D |<br>| J
|<br>| P |<br>_______________________________________________<br>syslog- ng maillist - syslog- ng@lists.balabit.hu <br>https://lists.balabit.hu/mailman/listinfo/syslog- ng <br>Frequently asked questions at http://www.campin.net/syslog-<br>ng/faq.html<br><br><br><br><br> <br>---------------------------------<br>Everyone is raving about the all- new Yahoo! Mail beta.<br><br>_______________________________________________<br>syslog- ng maillist - syslog- ng@lists.balabit.hu<br>https://lists.balabit.hu/mailman/listinfo/syslog- ng<br>Frequently asked questions at http://www.campin.net/syslog-<br>ng/faq.html<br><br><br>_______________________________________________<br>syslog-ng maillist - syslog-ng@lists.balabit.hu<br>https://lists.balabit.hu/mailman/listinfo/syslog-ng<br>Frequently asked questions at http://www.campin.net/syslog-ng/faq.html<br><br></kalin.kozhuharov@jp.adecco.com></jabbasi@yahoo.com></anthony.lineham@alliedtelesis.co.nz></blockquote><br><p> 
<hr size=1>Now that's room service! <a href="http://travel.yahoo.com/hotelsearchpage;_ylc=X3oDMTFtaTIzNXVjBF9TAzk3NDA3NTg5BF9zAzI3MTk0ODEEcG9zAzIEc2VjA21haWx0YWdsaW5lBHNsawNxMS0wNw--
">Choose from over 150,000 hotels <br>in 45,000 destinations on Yahoo! Travel</a> to find your fit.