On Fri, 2005-10-21 at 01:03 -0500, Kevin wrote:
On 10/20/05, Yan M. <yannnick_m@yahoo.com> wrote:
searching through the documentation, FAQ, README and INSTALL I didnt find anywhere mentionned that I can create new facilities.
I read that syslog-ng has the same facilities than syslog in Solaris.
Technically, syslog-ng has the same facilities as all standards-compliant syslog daemons, because the facility range is defined in RFC 3164
There are only 24 legal values for the facility, and eight legal values for severity.
What I want to do is to have more facilities, with significative names like httpd0, httpd1, httpd2, httpd3.....and so on to httpd50.
This is to split message received from my apache VirtualHosts AccessLog and ErrorLog
How would you cause Apache to generate "syslog" messages with non-standards-conformant facility values, corresponding to your virtual hosts?
I dont want to filter using regexp, only with facility
One ugly hack to accomplish what you ask would be to use the standard facilities and severities to indicate which virtual host sourced the traffic. So "kern.debug" would be httpd0, kern.info would be httpd1, and local7.emergency would be httpd191
It might be easier to just use regex.
syslog-ng 2.x allows specifying facility values by number, even still difficult to generate non-compliant facility messages in the first place. The reason why the facility based filtering failed in the first place was that no appropriate processes were created to allocate new numbers. -- Bazsi