OK, I see .... We are using syslog-ng 2.0.5 and the file() driver to feed MySQL errors to syslog-ng. I think it's quite handy since syslog-ng preserves the last logfile position on syslog-ng restarts. Looks like this:
source s_tail { file("/var/log/mysql.err" follow_freq(1) flags(no-parse)); };
Works very well for us.
Yes, this works well, however, if I need to make a change to the logging for the application (mysql), or merely want to shutdown the mysql server to move the logs somewhere else due to space, or need to unmount the filesystem to add more space or a bunch of other things that are specific to the application, I DO NOT want to have to stop/start the system logging. We can then provide sudo access to application administrators to start/stop their own logging along with the application without giving them the ability to stop/start the system logging. For these reasons we use a second instance of syslog-ng to do exactly what you are saying, but to get it into the system syslog, which will route copies of messages to primary and backup central syslog servers etc, I need a way to get one syslog-ng instance to send messages to a second syslog-ng instance ON THE SAME HOST. That's why I listen on localhost:514, and am looking at using a pipe (permissions are an issue here). Evan.