Hi all, I have completely replaced syslogd with syslog-ng on my main system and it is great! Thank you much for all the work that has gone into it. I am a very grateful user and wanted to give praise where due! However, I do have another system with lesser needs that I am unsure how to correctly configure. I'm hoping someone here may be able to provide me with some insight. What I'm wanting to do is set up syslog-ng to monitor one of the files that syslogd is writing. Specifically, I have a custom application that is writing to /var/log/messages and I'd like syslog-ng to monitor that file for events generated by the application then have them re-wrote to a different log file. I have read the reference manual, and tried messing around with the file() driver, but don't seem to be getting anywhere. Additionally, I searched the last six months of the mailing list archive but saw no related threads. Any helps is greatly appreciated. Thanks again! jeremiah
Jeremiah Rothschild wrote:
Specifically, I have a custom application that is writing to /var/log/messages and I'd like syslog-ng to monitor that file for events generated by the application then have them re-wrote to a different log file.
Yeah, I do stuff like that - I feed the events select to a named pipe, that I have another application listening on. You could just as easily use a plain file instead. destination xxxx { pipe("/var/log/xxxxpipe"); }; log { source(src); filter(f_mail); destination(xxxx);}; What you probably want is this: filter f_xxxx { program("yourcustomapp"); }; destination xxxx { file("/var/log/yourlog"); }; log { source(src); filter(f_xxxx); destination(xxxx);}; /Per Jessen, Zürich -- http://www.spamchek.com/ - managed anti-spam and anti-virus solution. Let us analyse your spam- and virus-threat - up to 2 months for free.
participants (2)
-
Jeremiah Rothschild
-
Per Jessen