Re: Tool to determine facility and severity from syslog packets
Hi there, On Wed, 6 Dec 2006 Paul Krizak wrote:
# The big monolithic syslog file destination d_big_messages { file ( "/var/log/logs/messages.log"
How about # The several separate syslog files destination d_separated_messages { file ( "/var/log/logs/$FACILITY.log" etc.? -- 73, Ged.
On Wed, Dec 06, 2006 at 11:49:19AM +0000, G.W. Haywood wrote:
Hi there,
On Wed, 6 Dec 2006 Paul Krizak wrote:
# The big monolithic syslog file destination d_big_messages { file ( "/var/log/logs/messages.log"
How about
# The several separate syslog files destination d_separated_messages { file ( "/var/log/logs/$FACILITY.log"
Sorry if anyone mentioned this already, but I'd sniff the wire if I had the time/patience, or just make syslog-ng tell me and I'd come back and look later: # set it up destination logxtra { file("/var/log/tell_me_the_facility_and_severity_please" owner(root) group(syslog) perm(0640) dir_perm(0750) dir_group(syslog) dir_owner(root) create_dirs(yes) template("$DATE $FULLHOST $PROGRAM: [$FACILITY.$LEVEL] $MSGONLY\n" ) template-escape(no) ); }; # log it log { source(s_local); source(s_net); destination(logxtra); }; This looks rather like the Solaris 8+ syslog format, lacking the message ID, of course. -- Nate "Fifty years of programming language research, and we end up with C++ ???" - Richard A. O'Keefe.
participants (2)
-
G.W. Haywood
-
Nate Campi