Hi!
"Delon" == Delon Lee Di Lun <lee.delon2005@gmail.com> writes:
Delon> An example of the "application" logs I'm referring to would be for instance
Delon> Apache HTTPD logs, I want to separate the "application" logs, in this
Delon> example, the apache logs, and the "OS" logs into different
Delon> directories.

There are a few ways I can think of that'd make this work. The simplest one is perhaps using a different port to send HTTPD logs than the one used for OS logs. Then you can set up different log paths, no explicit filtering required. The downside is that you'll have your syslog-ng listen on two ports, may need to adjust firewall rules, and so on.

Another option would be to force the PROGRAM field of apache logs to "apache" or "httpd", and filter based on that on the syslog-ng side. No need to use regexps for this, and you don't need to open a separate port, either. The downside is that you need the PROGRAM field to be consistent: all apache logs should have it set to the same value, and no OS logs should reuse that value.

A third option would be to add an SDATA field to the apache logs on the rsyslog side, and filter based on that on the syslog-ng side. I am not familiar with rsyslog all that much, and can't offer an example of how to do that. But it shouldn't be too hard, I imagine.

--
|8]
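The first two options from the message above, written out as a syslog-ng server configuration. This is an added example, not part of the original message; the `@version` line, port numbers, directory paths and object names (`s_apache_port`, `s_shared`, `f_apache`, `d_apache`, `d_os`) are assumptions to adapt to the local setup.

```conf
@version: 3.38   # assumption: set to the installed syslog-ng version

# Option 1: a dedicated port for HTTPD logs (5514 is an assumed value).
# Everything arriving here is treated as Apache, no filter needed.
source s_apache_port {
    network(transport("tcp") port(5514));
};

# Shared port used for OS logs, and for Apache logs under option 2.
source s_shared {
    network(transport("tcp") port(514));
};

# Option 2: exact string comparison on PROGRAM, no regexps involved.
# Only works if senders set PROGRAM consistently to one of these values
# and no OS log source reuses them.
filter f_apache {
    "${PROGRAM}" eq "httpd" or "${PROGRAM}" eq "apache";
};

# Separate directory trees, one file per sending host (assumed paths).
destination d_apache {
    file("/var/log/remote/apache/${HOST}.log" create-dirs(yes));
};
destination d_os {
    file("/var/log/remote/os/${HOST}.log" create-dirs(yes));
};

# Option 1 path: the port alone decides the destination.
log { source(s_apache_port); destination(d_apache); };

# Option 2 path: Apache messages on the shared port are written to the
# Apache tree; flags(final) stops them from also reaching the OS path.
log { source(s_shared); filter(f_apache); destination(d_apache); flags(final); };

# Whatever is left on the shared port is an OS log.
log { source(s_shared); destination(d_os); };
```

PROGRAM is set by the sender, so on the shared port any client that can reach it can choose which directory its messages land in; the dedicated-port variant can be restricted by firewall rules to the web servers only.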