On Mon, Oct 10, 2005 at 07:13:51AM -0700, Evan Rempel wrote:
This is a little off topic for syslog-ng, but I bring it up here because syslog-ng has 90% of the code already written to accomplish this.
I need a tool to get data into my syslog-ng architecture. There are a number of programs that log to files or that standard output only. I can use tools like chronolog to manage the rollover of the files but that does not get the data into syslog-ng. I can pipe the data into "logger -pxxx.yyy -tag zzz" but this sends all of the messages with the same priority.
I would like a tool that can filter the input using regular expressions and then syslog the message to a specified facility.level and tag.
I wrote a tool a while back called "relogger.pl" which takes an existing syslog data file and re-injects each line back into syslog. It was meant for testing logsurfer or anything else that parsed syslog data, so you could have a "test" stream of log data sent in real-time. It's basically the same idea as logger, but it parses the data and can do things like figure out the delay between two messages and simulate the delay when re-logging the message. It almost does what you want - except right now it only reads syslog-formatted files. You'd have to teach it how to deal with normal text files, and then add parsing for the data in question - maybe add a command line option like: "--facilitymatch /PATTERN/=crit" (if data matches PATTERN, syslog it with facility "crit"). relogger.pl is attached. -- Ed