[fixed quoting] Hi Jawed, jawed abbasi wrote:
*/Kalin KOZHUHAROV <kalin.kozhuharov@jp.adecco.com>/* wrote:
jawed abbasi wrote:
Hi
I am wondering if there is a way to config syslog-ng so that
* it receives data from multiple processes running on the same source hosts and writting top the same port, without using (facility or severity levels) and still syslog writes a separate logfile for each process?
Yes, it depends.
for example:
HOST A runs all follwing processes which all write to same port 908
proces A process b process c
but different log files are created for each process.
If you can distinguish the output of each process, syslog-ng can also (via regex). A simple way to do that is to include PID in each MSG (a very common approach in non-Windoze world).
not sure what you mean include pid? how to add pid in msg? can you give me an example PID is short for Process Identifier[1]. Generally, all processes in a OS can obtain their PID from the OS by invoking some function (e.g. `echo $$` in bash).
The processes A,a,b above have to be modified to perpend their PID in their log output. For example, an excerpt from my logs: Jan 16 12:30:00 oss fcron[29796]: Job /usr/bin/test -x /usr/sbin/run-crons && /usr/sbin/run-crons started for user root (pid 29797) Jan 16 12:40:00 oss fcron[29941]: Job /usr/bin/test -x /usr/sbin/run-crons && /usr/sbin/run-crons started for user root (pid 29942) Note the end of the lines. You can filter things like that based on the "\(pid (\d+)\)" regex if I am not wrong in the syntax. That is it. [1] http://en.wikipedia.org/wiki/Process_identifier All the best, Kalin. -- | A | | D | | J | | P |