Hi

i am getting started with syslog

can i add a new facility different from ( mail ... local0 to 7)

what  i did til now is sending every thing (src)  to a syslog server via udp

filter myfil1 { facility(local1); };# let only local1 = error log apache

destination loghost {
 udp("192.168.1.66" port(514));
};
log {
    source(src);
 
   filter(myfil1);
    destination(loghost);
};

###Server syslog

source src {
        #
        # include internal syslog-ng messages
        # note: the internal() soure is required!
        #
#       internal();

        #
        # the default log socket for local logging:
        #
#       unix-dgram("/dev/log");

        #
        # uncomment to process log messages from network:
        #
        #udp(ip("0.0.0.0") port(514));
       udp(port(514));


};
source src {
        #
        # include internal syslog-ng messages
        # note: the internal() soure is required!
        #
#       internal();

        #
        # the default log socket for local logging:
        #
#       unix-dgram("/dev/log");

        #
        # uncomment to process log messages from network:
        #
        #udp(ip("0.0.0.0") port(514));
       udp(port(514));


};

and sent

Apache erreor to syslog :local1 /mod_log_config.conf

Errorlog syslog:local1

**************

what i tried and didnot work is adding

/var/log/apache2/errorlog

as sorce because of permession denial
and using unix-stream
              unix-dgram
          pipe ( i created file  with) mkififo

between apache and syslog

nothing
so

sorry if i am bothering  but my questions are


1 can i add a new facility like local1 and collect on it apapche error log
if no
is

Errorlog syslog: local1 the best way

with a filter on local1

2 does local1in my case contain only appache error log

3 if there is another  way be my gest i am hering


Sorry am not good in eglish