On Tue, Jun 07, 2011 at 05:38:07PM +0200, Gergely Nagy wrote:
Dejan Muhamedagic <dejan@suse.de> writes:
We have a kind of machinery which collects syslog logs from several hosts. Currently it works by sending a message using logger(1) to the given facility.severity and then looking up the message in log files in /var/log and a few other directories (using grep).
I'm looking for a more robust and faster way to discover the destination. Would that be possible with syslog-ng? And which is the optimal way to achieve that? An extra syslog-ng option? An extra binary? Or perhaps using logger(1)?
I don't quite get the question, I'm afraid.
So, let's clarify what you have, and what you want to accomplish:
If I understood you correctly, you have a set of hosts sending logs to wherever, and every host's messages end up in the same file (depending on facility.severity), and you want to split them by host?
No. The task is to get the destination (log file) for the given facility. Right now I have brute force discovery like:

    # logger -p facility.info unique_message
    # grep -l unique_message /var/log/*

I'd like to be able to query syslog-ng and get a list of destinations.

Cheers,

Dejan
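The logger-and-grep discovery described in the message above, written as a reusable shell function. This is an added example, not code from the thread or from syslog-ng; the function name and the PROBE_SEND and PROBE_TIMEOUT variables are assumptions of the example. It sends a unique marker at the given priority and polls the listed directories until a file contains it.

```shell
#!/bin/sh
# find_log_destination PRIORITY [DIR...]
# Prints every file under DIR... (default: /var/log) that received a one-off
# probe message sent at PRIORITY, for example "daemon.info".
#   PROBE_SEND    command used to send the probe (hypothetical knob; default logger)
#   PROBE_TIMEOUT number of one-second polls before giving up (default 5)
# Exit status: 0 = destination(s) printed, 1 = nothing matched, 2 = send failed.
find_log_destination() {
    prio=$1
    shift
    [ "$#" -gt 0 ] || set -- /var/log

    # PID plus random bytes: an earlier probe or an unrelated log line
    # can never be mistaken for this one.
    marker="logprobe-$$-$(od -An -N4 -tx1 /dev/urandom | tr -d ' \n')"

    ${PROBE_SEND:-logger} -p "$prio" "$marker" || return 2

    tries=${PROBE_TIMEOUT:-5}
    while :; do
        # -r descend into subdirectories, -l print file names only,
        # -s stay quiet about unreadable files, -F match a fixed string.
        found=$(grep -rlsF -- "$marker" "$@" || true)
        if [ -n "$found" ]; then
            printf '%s\n' "$found"
            return 0
        fi
        # The daemon may buffer writes, so poll instead of checking once.
        tries=$((tries - 1))
        [ "$tries" -gt 0 ] || return 1
        sleep 1
    done
}

# Usage: find_log_destination local0.info /var/log /srv/logs
```

Status 1 means the probe was sent but never showed up in a readable file under the searched directories, for example because it was forwarded to a remote host or written somewhere else.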