Jeremiah Rothschild wrote:
Specifically, I have a custom application that is writing to /var/log/messages and I'd like syslog-ng to monitor that file for events generated by the application then have them re-wrote to a different log file.
Yeah, I do stuff like that - I feed the events select to a named pipe, that I have another application listening on. You could just as easily use a plain file instead. destination xxxx { pipe("/var/log/xxxxpipe"); }; log { source(src); filter(f_mail); destination(xxxx);}; What you probably want is this: filter f_xxxx { program("yourcustomapp"); }; destination xxxx { file("/var/log/yourlog"); }; log { source(src); filter(f_xxxx); destination(xxxx);}; /Per Jessen, Zürich -- http://www.spamchek.com/ - managed anti-spam and anti-virus solution. Let us analyse your spam- and virus-threat - up to 2 months for free.