On Fri, 2005-10-21 at 01:03 -0500, Kevin wrote:
> On 10/20/05, Yan M. <yannnick_m@yahoo.com> wrote:
> >  searching through the documentation, FAQ, README
> > and INSTALL I didn't find anywhere mentioned that I can
> > create new facilities.
> >
> > I read that syslog-ng has the same facilities as syslog in Solaris.
> 
> Technically, syslog-ng has the same facilities as all
> standards-compliant syslog daemons, because the facility range is
> defined in RFC 3164
> 
> There are only 24 legal values for the facility, and eight legal
> values for severity.
> 
> > What I want to do is to have more facilities, with significative names
> > like httpd0, httpd1, httpd2, httpd3.....and so on to httpd50.
> >
> > This is to split message received from my apache VirtualHosts AccessLog and
> > ErrorLog
> 
> How would you cause Apache to generate "syslog" messages with
> non-standards-conformant facility values, corresponding to your
> virtual hosts?
> 
> 
> > I don't want to filter using regexp, only with facility
> 
> One ugly hack to accomplish what you ask would be to use the standard
> facilities and severities to indicate which virtual host sourced the
> traffic.  So "kern.debug" would be httpd0, kern.info would be httpd1,
> and local7.emergency would be httpd191
> 
> It might be easier to just use regex.

syslog-ng 2.x allows specifying facility values by number, even though it
is still difficult to generate non-compliant facility messages in the first
place.

The reason why the facility based filtering failed in the first place
was that no appropriate processes were created to allocate new numbers.

-- 
Bazsi

_______________________________________________
syslog-ng maillist  -  syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html

 
Thinking about it again, I found another way to do it. It is under Solaris 8
so I can use pipes; apache ErrorLog and AccessLog can write to pipes.
Apache runs in a chroot jail, and the ErrorLogs/AccessLogs of all VirtualHosts
write to their own unique pipe in the jail. Syslog-ng runs not chrooted
and can read the pipes, so I define a source for each pipe in the config.
I can split logs from apache that way.
Thanks for your replies
Yan
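
The facility/severity arithmetic discussed in this thread, as an added example that is not part of the original messages: it decodes the RFC 3164 PRI field (facility * 8 + severity) and applies the mapping Kevin sketches, where kern.debug is httpd0 and local7.emergency is httpd191. The function names and sample lines are constructed for illustration, and the short facility keywords are the conventional ones, not taken from the thread.

```python
import re

# Conventional keywords for the 24 facility and 8 severity codes of RFC 3164.
FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv "
              "ftp ntp audit alert clock local0 local1 local2 local3 local4 "
              "local5 local6 local7").split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()
PRI_RE = re.compile(r"^<(\d{1,3})>")

def parse_pri(line):
    """Return (facility, severity) from the leading <PRI> of a syslog line."""
    m = PRI_RE.match(line)
    if not m:
        raise ValueError("no PRI field at start of line")
    facility, severity = divmod(int(m.group(1)), 8)
    if facility >= len(FACILITIES):
        raise ValueError("PRI %s is outside the 24 defined facilities" % m.group(1))
    return facility, severity

def vhost_index(facility, severity):
    """Mapping from the thread: kern.debug -> 0, kern.info -> 1, ..., local7.emerg -> 191."""
    return facility * 8 + (7 - severity)

def pri_for_vhost(n):
    """Inverse mapping: the PRI value a sender would need for virtual host n."""
    if not 0 <= n < len(FACILITIES) * len(SEVERITIES):
        raise ValueError("only 192 facility/severity pairs exist")
    facility, slot = divmod(n, 8)
    return facility * 8 + (7 - slot)

def label(line):
    """Human-readable decoding of one line, e.g. 'kern.debug -> httpd0'."""
    facility, severity = parse_pri(line)
    return "%s.%s -> httpd%d" % (FACILITIES[facility], SEVERITIES[severity],
                                 vhost_index(facility, severity))

# Constructed sample lines (not real log data).
SAMPLES = [
    "<7>Oct 21 01:03:00 web1 httpd: GET /index.html 200",
    "<6>Oct 21 01:03:01 web1 httpd: GET /about.html 200",
    "<184>Oct 21 01:03:02 web1 httpd: GET /missing 404",
    "<192>Oct 21 01:03:03 web1 httpd: facility 24 does not exist",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        try:
            print(label(sample))
        except ValueError as exc:
            print("rejected:", exc)
```

The last sample shows why httpd192 and above cannot be expressed this way: a facility of 24 falls outside the range the RFC defines.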

