On Mon, 2010-03-22 at 23:46 +0200, Alan McKinnon wrote:
On Monday 22 March 2010 18:55:59 Balazs Scheidler wrote:
On Mon, 2010-03-22 at 08:50 -0500, fedora fedora wrote:
Hi, I have some odd devices using syslog facility 24, and there is no way I can change it!
In this case, is it possible letting syslog-ng use facility 24? right now it gives me, 24 is not supported error and quits.
It should be possible to reference facility 24 this way:
filter f_fac24 { facility(24); };
If you specify a facility by number, it is not possible to use a range, but otherwise it should work. Does it for you?
Baszi,
How high can one take these undefined facilities?
I've always found it incredibly annoying that the standard facilities are so limited, that apart from local0-7 there's no way to extend them, and that the latest standards didn't define any new ones.
There's no real limit, only the fact that no devices allow you to define new numbers. I guess the original intention was to allow several facilities, but no process was defined to do so, and the current set is quite hardwired in implementations. syslog-ng does allow you to filter based on up to 13 bits worth of facility codes (that's about 8192 different codes), but I doubt you can configure those in your client devices. Use something else for the same purpose: host name, application name, structured data, or for the better: classify messages using patterndb, assign a tag and use that for filtering. -- Bazsi