RFE: enable tagging of sources
Hello,

does there exist a way to tag messages from certain sources? E.g. I want to use syslog-ng in linux-vserver[1] enabled hosts. There, the syslog-ng daemon is running on the hosts, and I have lots of logging-sources at /vservers/*/dev/log. These logging services are behaving like normal hosts and have their own hostnames.

For example, the syslog-ng daemon on host 'host' is configured with

| source s_vserver_www { unix-stream ("/vservers/www/dev/log"); };

This source is located in a vserver with the hostname 'www'. But when a log message is issued there, I get

| DATE host: MSG

but I would like to get

| DATE www: MSG

The destination options are supporting 'template()' already and I tried something like

| destination d_vserver_www {
|   tcp("127.0.0.1" port(520) template("<$TAG>$DATE www $MSG\n"));
| };
|
| log { source(s_vserver_www); destination(d_vserver_www); };

Unfortunately, this does not really work because:

* $TAG is hex-encoded; but the other side expects decimal-encoding
* every destination spawns a new stunnel-connection; because I have >30 vservers which would result in 30 destinations, this will become very expensive.

Probably the best solution would be if the hostname could be overridden on a per-source basis. E.g. something like

| source s_vserver_www { unix-stream ("/vservers/www/dev/log" hostname("www")); };

Enrico

Footnotes:
[1] http://linux-vserver.org
On Thu, 2004-09-02 at 00:08, Enrico Scholz wrote:
> Hello,
>
> does there exist a way to tag messages from certain sources? E.g. I want to use syslog-ng in linux-vserver[1] enabled hosts. There, the syslog-ng daemon is running on the hosts, and I have lots of logging-sources at /vservers/*/dev/log. These logging services are behaving like normal hosts and have their own hostnames.
>
> For example, the syslog-ng daemon on host 'host' is configured with
>
> | source s_vserver_www { unix-stream ("/vservers/www/dev/log"); };
>
> This source is located in a vserver with the hostname 'www'. But when a log message is issued there, I get
>
> | DATE host: MSG
>
> but I would like to get
>
> | DATE www: MSG

Something that should help you here is using chain_hostname(yes), which adds the source name into the message, so you can filter on that. It requires no modification to syslog-ng itself.

> * $TAG is hex-encoded; but the other side expects decimal-encoding

You should have used $PRI instead.

> * every destination spawns a new stunnel-connection; because I have >30 vservers which would result in 30 destinations, this will become very expensive.

That's true.

> Probably the best solution would be if the hostname could be overridden on a per-source basis. E.g. something like
>
> | source s_vserver_www { unix-stream ("/vservers/www/dev/log" hostname("www")); };

Yes, something like this would be doable. I'll file a ticket into our bugzilla.

--
Bazsi
participants (2): Balazs Scheidler, Enrico Scholz
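The $TAG versus $PRI point from the thread, worked through as an added example (not code from either poster or from syslog-ng): it expands the thread's template both ways and decodes the result the way a receiver expecting a decimal `<PRI>` would. The receiver logic, the facility/severity name tables and the sample message are assumptions made for illustration.

```python
import re

# Conventional syslog facility and severity names (index = numeric code).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3",
              "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def render(template, facility, severity, msg, date="Sep  2 00:08:00"):
    """Expand the macros used in the thread's template for one message."""
    pri = FACILITIES.index(facility) * 8 + SEVERITIES.index(severity)
    # $TAG is the priority as two hex digits, $PRI the same value in decimal.
    values = {"TAG": "%02x" % pri, "PRI": str(pri), "DATE": date, "MSG": msg}
    return re.sub(r"\$(TAG|PRI|DATE|MSG)", lambda m: values[m.group(1)], template)

def receiver_decode(frame):
    """Decode <PRI> as a decimal-expecting receiver would; None if rejected."""
    m = re.match(r"<(\d{1,3})>", frame)
    if not m or int(m.group(1)) > 191:
        return None  # non-decimal or out-of-range priority field
    pri = int(m.group(1))
    return FACILITIES[pri >> 3] + "." + SEVERITIES[pri & 7]

def compare(facility, severity, msg="constructed sample message"):
    """Return what the receiver sees with the $TAG and with the $PRI template."""
    seen = {}
    for macro in ("TAG", "PRI"):
        frame = render("<$%s>$DATE www $MSG\n" % macro, facility, severity, msg)
        seen[macro] = receiver_decode(frame)
    return seen

if __name__ == "__main__":
    # Constructed inputs: with $TAG the message is either silently
    # reclassified (wrong facility and severity) or rejected outright.
    for fac, sev in [("auth", "warning"), ("auth", "crit"),
                     ("local0", "err"), ("local7", "debug")]:
        print("%s.%s -> %s" % (fac, sev, compare(fac, sev)))
```

With `$TAG`, an `auth.warning` message arrives as `daemon.emerg`, so any downstream filter or alert keyed on facility or severity acts on the wrong value; priorities whose hex form contains a letter are dropped by a strict parser instead.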