<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-15"
http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
you need a way to differential between the 3 processes. Are they three
instances of the same program or different programs? It would help if
you could give us an example of the logs.<br>
<br>
<br>
<pre class="moz-signature" cols="72">Hari Sekhon
</pre>
<br>
<br>
jawed abbasi wrote:
<blockquote
cite="mid20070116042112.76305.qmail@web31012.mail.mud.yahoo.com"
type="cite">Thanks Kalin<br>
<br>
But problem is I can't modify the behaviour of the application (
application which I called a process), its almost impossible, because
code is not available to me.<br>
but because each process or application runs under different name, that
might help me if its possible to go with regex filtering.<br>
<br>
thanks<br>
<br>
<b><i>Kalin KOZHUHAROV <a class="moz-txt-link-rfc2396E" href="mailto:kalin.kozhuharov@jp.adecco.com"><kalin.kozhuharov@jp.adecco.com></a></i></b>
wrote:
<blockquote class="replbq"
style="border-left: 2px solid rgb(16, 16, 255); margin-left: 5px; padding-left: 5px;">
[fixed quoting]<br>
<br>
Hi Jawed,<br>
<br>
jawed abbasi wrote:<br>
>> */Kalin KOZHUHAROV <kalin.kozhuharov@jp.adecco.com>/* wrote:<br>
>><br>
>> jawed abbasi wrote:<br>
>>> Hi<br>
>>><br>
>>> I am wondering if there is a way to config syslog-ng so
that<br>
>>><br>
>>> * it receives data from multiple processes running on the
same<br>
>>> source hosts and writting top the same port, without using<br>
>>> (facility or severity levels) and still syslog writes a
separate<br>
>>> logfile for each process?<br>
>>><br>
>> Yes, it depends.<br>
>><br>
>>> for example:<br>
>>><br>
>>> HOST A runs all follwing processes which all write to same
port<br>
>>> 908<br>
>>><br>
>>> proces A<br>
>>> process b<br>
>>> process c<br>
>>><br>
>>> but different log files are created for each process.<br>
>><br>
>> If you can distinguish the output of each process, syslog-ng
can<br>
>> also (via regex). A simple way to do that is to include PID in
each<br>
>> MSG (a very common approach in non-Windoze world).<br>
><br>
><br>
> not sure what you mean include pid? how to add pid in msg? can you<br>
> give me an example<br>
PID is short for Process Identifier[1]. Generally, all processes in a OS<br>
can obtain their PID from the OS by invoking some function (e.g. `echo<br>
$$` in bash).<br>
<br>
The processes A,a,b above have to be modified to perpend their PID in<br>
their log output. For example, an excerpt from my logs:<br>
<br>
Jan 16 12:30:00 oss fcron[29796]: Job /usr/bin/test -x
/usr/sbin/run-crons && /usr/sbin/run-crons started for user
root (pid 29797)<br>
Jan 16 12:40:00 oss fcron[29941]: Job /usr/bin/test -x
/usr/sbin/run-crons && /usr/sbin/run-crons started for user
root (pid 29942)<br>
<br>
Note the end of the lines. You can filter things like that based on the<br>
"\(pid (\d+)\)" regex if I am not wrong in the syntax.<br>
<br>
That is it.<br>
<br>
[1] <a class="moz-txt-link-freetext" href="http://en.wikipedia.org/wiki/Process_identifier">http://en.wikipedia.org/wiki/Process_identifier</a><br>
<br>
All the best,<br>
<br>
Kalin.<br>
<br>
-- <br>
| A |<br>
| D |<br>
| J |<br>
| P |<br>
_______________________________________________<br>
syslog-ng maillist - <a class="moz-txt-link-abbreviated" href="mailto:syslog-ng@lists.balabit.hu">syslog-ng@lists.balabit.hu</a><br>
<a class="moz-txt-link-freetext" href="https://lists.balabit.hu/mailman/listinfo/syslog-ng">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Frequently asked questions at <a class="moz-txt-link-freetext" href="http://www.campin.net/syslog-ng/faq.html">http://www.campin.net/syslog-ng/faq.html</a><br>
<br>
</kalin.kozhuharov@jp.adecco.com></blockquote>
<br>
<p> </p>
<hr size="1">Everyone is raving about <a
href="http://us.rd.yahoo.com/evt=45083/*http://advision.webevents.yahoo.com/mailbeta">the
all-new Yahoo! Mail beta.</a>
<pre wrap="">
<hr size="4" width="90%">
_______________________________________________
syslog-ng maillist - <a class="moz-txt-link-abbreviated" href="mailto:syslog-ng@lists.balabit.hu">syslog-ng@lists.balabit.hu</a>
<a class="moz-txt-link-freetext" href="https://lists.balabit.hu/mailman/listinfo/syslog-ng">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a>
Frequently asked questions at <a class="moz-txt-link-freetext" href="http://www.campin.net/syslog-ng/faq.html">http://www.campin.net/syslog-ng/faq.html</a>
</pre>
</blockquote>
</body>
</html>