Hi, Ed W <lists@wildgooses.com> [20070903 22:24:13 +0100]:
I am setting up a bunch of vserver machines on a single host (basically just a fancy chroot setup) - just looking for advice on a decent setup.
1) Would prefer not to run multiple instances of syslogd in each vserver if possible (no special reason, just seems pointless).
2) Each vserver runs multiple processes, so need a fairly fully featured set of logging for each
3) Want to keep the logs readonly, or basically untouchable in the vservers
So I tried
a) setting up the host system to run the /vserver/xxx/dev/log as its source
b) using destinations of the form: "/var/log/$HOST/messages", "/var/log/$HOST/mail.log", etc
However, this doesn't seem to work because $HOST always shows the same name for every vhost (actually it has the name of the host server)
[snipped]
What I really want is some way that I can set some MACRO in the "source{}" stanza and then use that later on in my destinations{} - is this possible? Any other ways to achieve this? Actually I can't find any way to define custom macros, but this feature would seem to solve a lot of configuration scenarios?
For my multicast logging I wanted to be lazy and log depending on the *destination* IP address[1] rather than the source IP; in multicast you group the services together under a single multicast group address (for example all mail server logging goes to 239.234.234.32).

I cobbled together a patch that lets you use $DESTIP as a macro.

http://marc.info/?l=syslog-ng&m=116136122419201&w=2
http://marc.info/?l=syslog-ng&m=118545979625151&w=2

I keep lightly prodding Bazsi to re-write it properly[2] and I am sure he will someday, but is this the sort of thing useful to you?

If you bind to each vserver IP separately on your host machine[3] you should find using $DESTIP in your macros works nicely. To map IPs to friendly names I would recommend softlinks in the filesystem personally.

Cheers

Alex

[1] this keeps the syslog-ng.conf file very simple and I do not have to specify and keep up to date a list of source addresses; it is all mapped to a single destination group address

[2] but it is complicated as to do it properly you would have to use IP(V6)_PKTINFO, or for *BSD people it's IP_RECVDSTADDR, and from when I was looking through the code there is not much opportunity to get this kind of data to the macro sub-system without some framework reworking/rejuggling

[3] so separate 'udp(ip(w.x.y.x) port(514));' in the source{} section for each vserver IP, otherwise this patch will set $DESTIP to '0.0.0.0'