Alan Edmonds wrote:
We are doing something similar; we use tomcat and apache. For apache, something like this (we are using 2.0):
CustomLog "|/usr/bin/logger -p local1.info -t apache-access " access-format
Then on syslog-ng I use the "tag" to point it to the right log file.
For tomcat, that is tougher; stack dumps are a curse to syslog.
There is a hook in the Catalina startup scripts to create a named pipe for gc.out and tomcat.out. The it spawns a logger -p local2.info < gc.out-named-pipe thingy to send to syslog-ng.
I can send more details if you need them. Alan
T-Mobile International UK Limited Company Registered Number: 3951860 Registered Office Address: Hatfield Business Park, Hatfield, Hertfordshire, AL10 9BW Registered in England and Wales
NOTICE AND DISCLAIMER
This email (including attachments) is confidential. If you are not the intended recipient, notify the sender immediately, delete this email from your system and do not disclose or use for any purpose ______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html
Thanks for your response Alan! I would appreciate any additional details that you could provide. I am responsible for setting up the log server, but not sure about reconfiguring the application pieces so much. I took a look at startup.sh and catalina.sh, but am not sure about the pipe option you mentioned. Does that keep the wrapping events as a single event in syslog? If so it sounds like what I need. As for the logger piece, it looks like you can set the facility and priority along with tagging to get it to the right syslog-ng destination, but do you still get multi-lines if the message wraps? I would definitely like to hear more. Thanks again. Chris