<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
<meta name="Generator" content="Microsoft Exchange Server">
<!-- converted from text -->
<style><!-- .EmailQuote { margin-left: 1pt; padding-left: 4pt; border-left: #800000 2px solid; } --></style></head>
<body>
<body style="font-family:Arial,Helvetica,sans-serif; font-size:small; color:black"><span style="font-family:Arial,Helvetica,sans-serif; font-size:small; color:black">I'm actually writing logs out to syslog as local6 facility using log4j. Then using rsyslog, I am forwarding those logs to the syslog-ng server using 'local6.* @centrallogserverhost'. So when syslog-ng receives those logs, it writes them out to a file named local5.$DAY according to my destination configuration. So, I don't know that $PROGRAM would accurately record the name. Will give it a shot and see.<br><br></span><br><br>-----Original Message----- <br><b>From:</b> Martin Holste [mcholste@gmail.com]<br><b>Received:</b> Friday, 25 Mar 2011, 12:21pm<br><b>To:</b> Syslog-ng users' and developers' mailing list [syslog-ng@lists.balabit.hu]<br><b>CC:</b> Steve Smith [ssmith@xpressdocs.com]<br><b>Subject:</b> Re: [syslog-ng] Rewrite facility names of remote logs<br><br></body>
<font size="2"><div class="PlainText">Is "tomcat" the $PROGRAM or the $FACILITY name? I would think it<br>
would be $PROGRAM like "ssh" or "apache."<br>
<br>
On Fri, Mar 25, 2011 at 9:44 AM, Steve Smith <ssmith@xpressdocs.com> wrote:<br>
> I’ve setup Syslog-NG to receive logs from other servers which have been<br>
> configured as follows -<br>
> Tomcat servers are forwarding logs as facility6 to rsyslog, which then<br>
> forwards to central log server.<br>
> Apache servers are forwarding logs as faility5 to rsyslog which then<br>
> forwards to central log server.<br>
><br>
> When I receive these logs on the central log server, they are written to<br>
> files as their facility name, i.e. local6.$DAY.<br>
> Is there a way to change or re-write the facility name on the fly so that<br>
> instead of local6.$DAY I can get the file written as tomcat.$DAY?<br>
><br>
> Here is the configuration I’m using to store the logs -<br>
><br>
> destination d_net {<br>
> file("/var/log/hosts/$YEAR/$MONTH/$HOST/$FACILITY.$DAY"<br>
> owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)<br>
> );<br>
> };<br>
><br>
> log {<br>
> source(s_net);<br>
> destination(d_net);<br>
> };<br>
><br>
> ______________________________________________________________________________<br>
> Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
> Documentation:<br>
> <a href="http://www.balabit.com/support/documentation/?product=syslog-ng">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
> FAQ: <a href="http://www.campin.net/syslog-ng/faq.html">http://www.campin.net/syslog-ng/faq.html</a><br>
><br>
><br>
><br>
</div></font>
</body>
</html>