On Mon, Jun 09, 2003 at 11:52:43AM -0600, Wayne Sweatt wrote:
Balazs,
I'm not sure how much of your reply is use of built-in methods or just examples. Is the "process" keyword an undocumented method, or just very new?
I've solved the problem with the CRON logs, by using the match() method. Every log I received consistently had one of three keywords. The only remaining facilities I need to deal with are the Darwin - "netinfo", and Linux, etc - "authpriv". I am not able to filter by OS Type, since the host names are irrelevant to OS. From the logs that I've collected, I can see that I can safely translate all incoming hex "c" facility values to "netinfo" and could also safely replace all hex "a" facilities to "authpriv". No Solaris systems/apps are using those values anywhere on our network.
I am able to use the pipe() method, but that means running a dedicated, non-syslog-ng process in the background to write to the logs. I'm not crazy about that convoluted scheme.
I haven't tried the program() method yet. Would that be the ticket for me if I want to just replace strings? Could I write a simple Perl loop that replaces the priority string on <STDIN> and then writes out to the desired log file?
if you want to stick to facilities you could write a perl script reading log messages from stdin and forwarding those logs to /dev/log using the libc syslog() function. reinjected messages would then be directed to different destinations based on the new, rewritten facility.
You use a "facility_rewrite_hack" in your example. How/where would that be defined?
neither process{} nor the facility_rewrite_hack() currently exists. they were meant as an example of how those could be implemented. They were meant to generate discussion on how this or that feature should/could be implemented.
-- 
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
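The stdin filter discussed in this thread, sketched as an added example that is not code from either poster (and in Python rather than the Perl mentioned above). It assumes each incoming line starts with a decimal `<PRI>` prefix; the function names, the `other`/`unparsed` buckets and the `<name>.log` file layout are hypothetical.

```python
import re
import sys

# Facility numbers named in the thread: hex "a" -> authpriv, hex "c" -> netinfo.
FACILITY_NAMES = {0xA: "authpriv", 0xC: "netinfo"}
SEVERITIES = ["emerg", "alert", "crit", "err",
              "warning", "notice", "info", "debug"]
# Anchored at the start of the line: a "<NN>" embedded later in the message
# text (possibly attacker-supplied) is never treated as a priority.
PRI_RE = re.compile(r"^<(\d{1,3})>")

def split_pri(line):
    """Return (facility, severity, rest), or None when there is no valid <PRI>."""
    m = PRI_RE.match(line)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # 23 * 8 + 7 is the largest facility/severity pair
        return None
    return pri >> 3, pri & 7, line[m.end():]

def route(line):
    """Map one raw line to (log_name, line_to_write)."""
    parsed = split_pri(line)
    if parsed is None:
        return "unparsed", line          # keep it, but out of the trusted logs
    facility, severity, rest = parsed
    name = FACILITY_NAMES.get(facility)
    if name is None:
        return "other", line             # facilities we do not rewrite
    return name, f"{name}.{SEVERITIES[severity]} {rest}"

def main(log_dir="."):
    handles = {}
    for raw in sys.stdin:
        # The log name comes only from the fixed tables above, never from
        # message content, so input cannot steer the output path.
        name, out = route(raw.rstrip("\n"))
        if name not in handles:
            handles[name] = open(f"{log_dir}/{name}.log", "a", buffering=1)
        handles[name].write(out + "\n")

# Constructed sample lines (not taken from the thread):
#   <86>sshd[411]: session opened     -> authpriv.log
#   <101>netinfod: binding refreshed  -> netinfo.log
#   <78>cron[90]: job started         -> other.log
if __name__ == "__main__":
    main(*sys.argv[1:2])
```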