<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-15"
http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
do the logs always specify the name of the program that is logging? If
so use 3 regex filters and 3 separate destinations, then use log
statements to filter each program name to each destination. See the
manual for how to do filters, destinations and logs if you are unsure
of the syntax.<br>
<br>
eg.<br>
programname1: the program has done something worth logging<br>
programname2: this program is starting up<br>
<br>
These can be filtered by the actual log content themselves by using
match("programname1:"); inside a filter{}; and then using the filter
inside a log{}; statement with a separate destination{}; for the log
statement so that only logs matching the filter are sent to that
destination.<br>
<br>
<br>
If the program doesn't give it's own name in the log then what kind of
program is that!<br>
eg "hello this is a log to tell you an error has occurred, but you will
have to get which program on the whole OS generated it."<br>
<br>
<br>
-h<br>
<pre class="moz-signature" cols="72">Hari Sekhon
</pre>
<br>
<br>
jawed abbasi wrote:
<blockquote cite="mid858843.72487.qm@web31007.mail.mud.yahoo.com"
type="cite">Hi Hari<br>
<br>
they are 3 diffferent programs, so here is the naming convention<br>
<br>
AP-CC-AXXXX<br>
<br>
AP= process type<br>
cc= company code<br>
A= technology type<br>
xxxx = host number<br>
<br>
So on host XXXX<br>
<br>
there 6 process running which Always have<br>
AP same<br>
cc different<br>
A same<br>
xxxx same<br>
<br>
So the only way I can differentiate them is by CC which is unique to
all processes.<br>
<br>
Thanks<br>
<br>
<b><i>Hari Sekhon <a class="moz-txt-link-rfc2396E" href="mailto:hpsekhon@googlemail.com"><hpsekhon@googlemail.com></a></i></b> wrote:
<blockquote class="replbq"
style="border-left: 2px solid rgb(16, 16, 255); margin-left: 5px; padding-left: 5px;">
<meta content="text/html;charset=ISO-8859-15"
http-equiv="Content-Type">
you need a way to differential between the 3 processes. Are they three
instances of the same program or different programs? It would help if
you could give us an example of the logs.<br>
<br>
<br>
<pre class="moz-signature" cols="72">Hari Sekhon
</pre>
<br>
<br>
jawed abbasi wrote:
<blockquote
cite="mid20070116042112.76305.qmail@web31012.mail.mud.yahoo.com"
type="cite">Thanks Kalin<br>
<br>
But problem is I can't modify the behaviour of the application (
application which I called a process), its almost impossible, because
code is not available to me.<br>
but because each process or application runs under different name, that
might help me if its possible to go with regex filtering.<br>
<br>
thanks<br>
<br>
<b><i>Kalin KOZHUHAROV <a class="moz-txt-link-rfc2396E"
href="mailto:kalin.kozhuharov@jp.adecco.com"><kalin.kozhuharov@jp.adecco.com></a></i></b>
wrote:
<blockquote class="replbq"
style="border-left: 2px solid rgb(16, 16, 255); margin-left: 5px; padding-left: 5px;">
[fixed quoting]<br>
<br>
Hi Jawed,<br>
<br>
jawed abbasi wrote:<br>
>> */Kalin KOZHUHAROV <kalin.kozhuharov@jp.adecco.com>/* wrote:<br>
>><br>
>> jawed abbasi wrote:<br>
>>> Hi<br>
>>><br>
>>> I am wondering if there is a way to config syslog-ng so
that<br>
>>><br>
>>> * it receives data from multiple processes running on the
same<br>
>>> source hosts and writting top the same port, without using<br>
>>> (facility or severity levels) and still syslog writes a
separate<br>
>>> logfile for each process?<br>
>>><br>
>> Yes, it depends.<br>
>><br>
>>> for example:<br>
>>><br>
>>> HOST A runs all follwing processes which all write to same
port<br>
>>> 908<br>
>>><br>
>>> proces A<br>
>>> process b<br>
>>> process c<br>
>>><br>
>>> but different log files are created for each process.<br>
>><br>
>> If you can distinguish the output of each process, syslog-ng
can<br>
>> also (via regex). A simple way to do that is to include PID in
each<br>
>> MSG (a very common approach in non-Windoze world).<br>
><br>
><br>
> not sure what you mean include pid? how to add pid in msg? can you<br>
> give me an example<br>
PID is short for Process Identifier[1]. Generally, all processes in a OS<br>
can obtain their PID from the OS by invoking some function (e.g. `echo<br>
$$` in bash).<br>
<br>
The processes A,a,b above have to be modified to perpend their PID in<br>
their log output. For example, an excerpt from my logs:<br>
<br>
Jan 16 12:30:00 oss fcron[29796]: Job /usr/bin/test -x
/usr/sbin/run-crons && /usr/sbin/run-crons started for user
root (pid 29797)<br>
Jan 16 12:40:00 oss fcron[29941]: Job /usr/bin/test -x
/usr/sbin/run-crons && /usr/sbin/run-crons started for user
root (pid 29942)<br>
<br>
Note the end of the lines. You can filter things like that based on the<br>
"\(pid (\d+)\)" regex if I am not wrong in the syntax.<br>
<br>
That is it.<br>
<br>
[1] <a class="moz-txt-link-freetext"
href="http://en.wikipedia.org/wiki/Process_identifier">http://en.wikipedia.org/wiki/Process_identifier</a><br>
<br>
All the best,<br>
<br>
Kalin.<br>
<br>
-- <br>
| A |<br>
| D |<br>
| J |<br>
| P |<br>
_______________________________________________<br>
syslog-ng maillist - <a class="moz-txt-link-abbreviated"
href="mailto:syslog-ng@lists.balabit.hu">syslog-ng@lists.balabit.hu</a><br>
<a class="moz-txt-link-freetext"
href="https://lists.balabit.hu/mailman/listinfo/syslog-ng">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Frequently asked questions at <a class="moz-txt-link-freetext"
href="http://www.campin.net/syslog-ng/faq.html">http://www.campin.net/syslog-ng/faq.html</a><br>
<br>
</kalin.kozhuharov@jp.adecco.com></blockquote>
<br>
<div> </div>
<hr size="1">Everyone is raving about <a
href="http://us.rd.yahoo.com/evt=45083/*http://advision.webevents.yahoo.com/mailbeta">the
all-new Yahoo! Mail beta.</a>
<pre wrap=""><hr size="4" width="90%"> _______________________________________________ syslog-ng maillist - <a
class="moz-txt-link-abbreviated"
href="mailto:syslog-ng@lists.balabit.hu">syslog-ng@lists.balabit.hu</a> <a
class="moz-txt-link-freetext"
href="https://lists.balabit.hu/mailman/listinfo/syslog-ng">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a> Frequently asked questions at <a
class="moz-txt-link-freetext"
href="http://www.campin.net/syslog-ng/faq.html">http://www.campin.net/syslog-ng/faq.html</a> </pre>
</blockquote>
_______________________________________________<br>
syslog-ng maillist - <a class="moz-txt-link-abbreviated" href="mailto:syslog-ng@lists.balabit.hu">syslog-ng@lists.balabit.hu</a><br>
<a class="moz-txt-link-freetext" href="https://lists.balabit.hu/mailman/listinfo/syslog-ng">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Frequently asked questions at <a class="moz-txt-link-freetext" href="http://www.campin.net/syslog-ng/faq.html">http://www.campin.net/syslog-ng/faq.html</a><br>
<br>
</blockquote>
<br>
<p> </p>
<hr size="1">The fish are biting.<br>
<a
href="http://us.rd.yahoo.com/evt=49679/*http://searchmarketing.yahoo.com/arp/sponsoredsearch_v2.php?o=US2140&cmp=Yahoo&ctv=Q107Tagline&s=Y&s2=EM&b=50">
Get more visitors</a> on your site using <a
href="http://us.rd.yahoo.com/evt=49679/*http://searchmarketing.yahoo.com/arp/sponsoredsearch_v2.php?o=US2140&cmp=Yahoo&ctv=Q107Tagline&s=Y&s2=EM&b=50">Yahoo!
Search Marketing.</a>
<pre wrap="">
<hr size="4" width="90%">
_______________________________________________
syslog-ng maillist - <a class="moz-txt-link-abbreviated" href="mailto:syslog-ng@lists.balabit.hu">syslog-ng@lists.balabit.hu</a>
<a class="moz-txt-link-freetext" href="https://lists.balabit.hu/mailman/listinfo/syslog-ng">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a>
Frequently asked questions at <a class="moz-txt-link-freetext" href="http://www.campin.net/syslog-ng/faq.html">http://www.campin.net/syslog-ng/faq.html</a>
</pre>
</blockquote>
</body>
</html>