On Thu, 2004-09-02 at 00:08, Enrico Scholz wrote:
Hello,
does there exists a way to tag messages from certain sources? E.g. I want to use syslog-ng in linux-vserver[1] enabled hosts. There, the syslog-ng daemon is running on the hosts, and I have lots of logging-sources at /vservers/*/dev/log. Theses logging services are behaving like normal hosts and have own hostnames.
For example, the syslog-ng daemon on host 'host' is configured with
| source s_vserver_www { unix-stream ("/vservers/www/dev/log"); };
This source is located in a vserver with the hostname 'www'. But when a logmessage is issued there, I get
| DATE host: MSG
but I would like to get
| DATE www: MSG
Something that should help you here is using chain_hostname(yes), which adds the source name into the message, so you can filter on that. It requires no modification to syslog-ng itself.
* $TAG is hex-encoded; but the other side expects decimal-encoding
you should have used $PRI instead
* every destination spawns a new stunnel-connection; because I have >30 vservers which would result in 30 destinations, this will become very expensive.
That's true.
Probably the best solution would be, when the hostname can be overridden on a per-source base. E.g. something like
| source s_vserver_www { unix-stream ("/vservers/www/dev/log" hostname("www")); };
Yes, something like this would be doable. I'll file a ticket into our bugzilla. -- Bazsi