Check out looperng - perhaps it will help do what you need...

http://muthanna.com/looperng/

-----Original Message-----
From: Evan Rempel [mailto:erempel@uvic.ca]
Sent: Thursday, October 13, 2005 1:25 AM
To: Syslog-ng users' and developers' mailing list
Subject: [syslog-ng] Re: logger-ng needed

I know I'm not supposed to reply to my own posts...

After a lot more thought, I think that all I really want to do is ask for one new source to be added, and one new destination to be added.

source input { stdin(); };

to obtain data from the standard input.

destination syslog.userinfo { syslog( facility(user) priority(info) tag(myApp) template(xxx)); };

to write messages into the local syslog mechanism.

I realize that this would cause syslog-ng to process each of these messages twice, but the source of the messages do not yet have a datestamp, facility, priority, tag or host associated with them (i.e. they are not syslog format yet). This is the same as messages coming from a pipe. It would be nice to regexp match these messages and syslog them with appropriate facility.priority information, not to mention a meaningful tag.

I realize that this option could result in a circular path for a message, but with some care, the messages from a given source (file, pipe, standard input etc.) can be passed to syslog, which could in turn be logged to a file locally, or transferred to a central logger.

This would be sufficient to get most, if not all, log messages from all applications into a single syslog architecture. Apache and mysql are the big two, but Tivoli Storage Manager is also a problem at our site.

Thanks for the consideration.

Evan.

On Mon, 10 Oct 2005, Evan Rempel wrote:

Date: Mon, 10 Oct 2005 07:13:51 -0700 (PDT)
From: Evan Rempel <erempel@UVic.CA>
To: Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu>
Subject: logger-ng needed

This is a little off topic for syslog-ng, but I bring it up here because syslog-ng has 90% of the code already written to accomplish this.
I need a tool to get data into my syslog-ng architecture. There are a number of programs that log to files or to standard output only. I can use tools like chronolog to manage the rollover of the files, but that does not get the data into syslog-ng. I can pipe the data into "logger -pxxx.yyy -tag zzz" but this sends all of the messages with the same priority.
I would like a tool that can filter the input using regular expressions and then syslog the message to a specified facility.level and tag.
Syslog-ng has all of the code for reading from a variety of sources. Syslog-ng has all of the code to filter based on regular expressions. All that needs to be added is applying the facility.level, tag and syslogging the message.
I would like the developers of syslog-ng to consider writing a logger-ng to go along with it. A sample configuration file is included below just so that I get all of my thoughts into this one e-mail. If no configuration file was specified, then it could operate just like logger, or it could simply be a new tool rather than a replacement.
Thanks for a great syslog daemon.
Evan Rempel
------------------ example configuration file -------------------------------
source my_app { unix-stream("/tmp/logpipe" tag(my_apps_name)); };
source second_app { file("/var/log/http_access" tag(second_app_name)); };

filter find_errors { match(*error*); };

destination user.info { facility(user); level(info); };
destination user.error { facility(user); level(error); };
destination local4.info { facility(local4); level(info); };
destination local4.error { facility(local4); level(error); };
# perhaps the destinations are predefined as I think they will always be
# the syslog priorities.

log { source(my_app); filter(find_errors); destination(user.error); };
log { source(my_app); destination(user.info); flags(fallback); };

log { source(second_app); filter(find_errors); destination(local4.error); };
log { source(second_app); destination(local4.info); flags(fallback); };

# the fallback option would only have the scope for the given source. Each
# source would require its own fallback flag.

------------------ end example configuration file ---------------------------
_______________________________________________
syslog-ng maillist - syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
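
The filter-then-syslog idea discussed in this thread, sketched as an added example (not part of the original messages, and not code from syslog-ng or looperng): lines from standard input are matched against ordered regex rules with a fallback and sent to the local syslog socket with the chosen priority. The rule patterns, the function names and the datagram socket at /dev/log are assumptions; control characters are replaced so an application line cannot forge a second record.

```python
import re
import socket
import sys

# Standard syslog facility and severity codes (RFC 3164).
FACILITY = {"user": 1, "local4": 20}
SEVERITY = {"err": 3, "info": 6}

# Ordered rules: the first matching regex wins and the last entry is the
# fallback. Patterns are constructed for this example.
RULES = [
    (re.compile(r"error", re.IGNORECASE), "err"),
    (re.compile(r""), "info"),  # fallback, matches every line
]

def classify(line, rules=RULES):
    """Return the severity name of the first rule whose regex matches."""
    for pattern, severity in rules:
        if pattern.search(line):
            return severity
    return "info"

def frame(line, facility, tag, rules=RULES):
    """Return '<PRI>tag: message' with control characters neutralised."""
    # An untrusted line must not be able to smuggle in a second record.
    clean = re.sub(r"[\x00-\x1f\x7f]", " ", line.rstrip("\r\n"))
    pri = FACILITY[facility] * 8 + SEVERITY[classify(clean, rules)]
    return f"<{pri}>{tag}: {clean}"

def main(facility="user", tag="myApp", path="/dev/log"):
    # Assumption: the local syslog daemon listens on a datagram socket here
    # and adds the timestamp and host itself.
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    sock.connect(path)
    for line in sys.stdin:
        if line.strip():
            sock.send(frame(line, facility, tag).encode("utf-8", "replace"))

if __name__ == "__main__":
    main(*sys.argv[1:3])
```
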