<html>
<head>
<style>
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
FONT-SIZE: 10pt;
FONT-FAMILY:Tahoma
}
</style>
</head>
<body class='hmmessage'>
<pre>Hello;<br><br>I am in search for a way to graph my logs for four separate mailservers, <br>since all four are logging onto the same syslog-ng host, <br>I figured I'd use mailgraph, a tool which creates graphs using RRDtools.<br><br>I got rrdtools installed and ran mailgraph, and after not receiving any graph data at all in my database<br>(mailgraph.rrd file), I ran strace and saw:<br> <br>write(2, "WARNING: line not in syslog form"..., 209) = 209<br>write(2, "WARNING: line not in syslog form"..., 167) = 167<br>write(2, "WARNING: line not in syslog form"..., 172) = 172<br>write(2, "WARNING: line not in syslog form"..., 173) = 173<br>write(2, "WARNING: line not in syslog form"..., 194) = 194<br>write(2, "WARNING: line not in syslog form"..., 172) = 172<br><br>My syslog-ng.conf has the following relevant data for this particular source:<br><br>options<br> {<br> chain_hostnames(no);<br> create_dirs (yes);<br> dir_perm(0755);<br> use_dns (yes);<br> dns_cache(yes);<br> dns_cache_size(1000);<br> dns_cache_expire(604800);<br> keep_hostname(yes);<br> log_fifo_size(10000);<br> log_msg_size(8192);<br> long_hostnames(on);<br> perm(0644);<br> stats(3600);<br> sync(0);<br> time_reopen (10);<br> use_dns(yes);<br> use_fqdn(yes);<br> };<br><br>log { source(S_udp); filter(F_mailservers); destination(D_mailservers); flags(final); };<br>destination D_mailservers { file("/var/log/Acme-Hosts/MailServers/$FULLHOST.log"<br> perm(0644)); };<br><br><br>My logs look like:<br> <br>Sep 5 16:31:45 mailserver.example.net/mailserver.example.net postfix/qmgr[27362]: [ID 197553 mail.info] 597816CB1E: from=<203176.549962556@abc.exampletest.com>, size=14602, nrcpt=1 (queue active)<br> <br>Sep 5 16:31:45 mailserver.mailserver.net/mailserver.example.net postfix/qmgr[27362]: [ID 197553 mail.info] 3081A6CB1C: removed<br> <br>Sep 5 16:31:45 mailserver.mailserver.net/mailserver.example.net postfix/qmgr[27362]: [ID 197553 mail.info] 1C0426CB1D: removed<br> <br>Is there a way that I can tel syslog-ng to output to two locations, on e in the format above, which I need, and another in the format that mailgraph expexts to see?<br><br>I assume that mailgraph is not setup to see the HOSTNAME/HOSTNAME entries shown above.<br><br>I am using syslog-ng, latest, and am purposely stuffing my data into files named after the host, into a directory named after the same.<br>I am also using a FIFO to redirect all logged data into a mysql DB, but the script mailgraph is receiving it's data from the flat files above.<br><br>Any help appreciated, especially in a way that would not require rewriting the way the data looks now.<br> <br>Thanks all,<br> <br>.vp</pre></body>
</html>