Fwd: Re: [syslog-ng] I need to add more facilities
On Fri, 2005-10-21 at 01:03 -0500, Kevin wrote:
> On 10/20/05, Yan M. <yannnick_m@yahoo.com> wrote:
> > searching through the documentation, FAQ, README
> > and INSTALL I didn't find anywhere mentioned that I can
> > create new facilities.
> >
> > I read that syslog-ng has the same facilities as syslog in Solaris.
>
> Technically, syslog-ng has the same facilities as all
> standards-compliant syslog daemons, because the facility range is
> defined in RFC 3164
>
> There are only 24 legal values for the facility, and eight legal
> values for severity.
>
> > What I want to do is to have more facilities, with significative names
> > like httpd0, httpd1, httpd2, httpd3.....and so on to httpd50.
> >
> > This is to split messages received from my apache VirtualHosts AccessLog and
> > ErrorLog
>
> How would you cause Apache to generate "syslog" messages with
> non-standards-conformant facility values, corresponding to your
> virtual hosts?
>
> > I don't want to filter using regexp, only with facility
>
> One ugly hack to accomplish what you ask would be to use the standard
> facilities and severities to indicate which virtual host sourced the
> traffic. So "kern.debug" would be httpd0, kern.info would be httpd1,
> and local7.emergency would be httpd191
>
> It might be easier to just use regex.

syslog-ng 2.x allows specifying facility values by number, even still
difficult to generate non-compliant facility messages in the first
place.

The reason why the facility based filtering failed in the first place
was that no appropriate processes were created to allocate new numbers.

--
Bazsi

Rethinking about it, I found another way to do it. It is under Solaris 8, so I can use pipes; Apache ErrorLog and AccessLog can write to pipes.

Apache runs in a chroot jail, and the ErrorLogs/AccessLogs of all VirtualHosts write to their own unique pipe in the jail. Syslog-ng runs not chrooted and can read the pipes, so I define a source for each pipe in the config and can split the logs from Apache that way.

Thanks for your replies

Yan
participants (1): Yan M.
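The per-VirtualHost pipe setup described in the last message, sketched as an added example (not code from the thread or from the syslog-ng project). Assumptions: the jail path, the `/logs` directory inside it, the log directory and the `httpdN` names are hypothetical; vhost names are plain identifiers; Apache and syslog-ng are both started as root, and syslog-ng is started first so that Apache's open of each FIFO does not block.

```shell
#!/bin/sh
# Added example. Assumed layout: Apache is chrooted at JAIL and sees each FIFO
# as /logs/<vhost>_{access,error}.pipe; syslog-ng runs outside the jail and
# reads the same FIFOs through their full host path.

# make_vhost_pipes JAIL VHOST...  -> create the FIFOs inside the jail
make_vhost_pipes() {
    jail=$1; shift
    mkdir -p "$jail/logs" || return 1
    for vh in "$@"; do
        for kind in access error; do
            p="$jail/logs/${vh}_${kind}.pipe"
            # The -p test makes reruns harmless. Mode 0600 is enough because
            # Apache opens its logs as root before dropping privileges.
            [ -p "$p" ] || mkfifo -m 0600 "$p" || return 1
        done
    done
}

# emit_syslog_ng_conf JAIL LOGDIR VHOST...  -> print one source/destination/log
# stanza per FIFO, so splitting needs neither a facility nor a regexp filter.
emit_syslog_ng_conf() {
    jail=$1; logdir=$2; shift 2
    for vh in "$@"; do
        for kind in access error; do
            cat <<EOF
source s_${vh}_${kind} { pipe("$jail/logs/${vh}_${kind}.pipe"); };
destination d_${vh}_${kind} { file("$logdir/$vh/$kind.log"); };
log { source(s_${vh}_${kind}); destination(d_${vh}_${kind}); };
EOF
        done
    done
}

# emit_apache_conf VHOST  -> the two directives for that <VirtualHost> block,
# with paths as seen from inside the jail.
emit_apache_conf() {
    printf 'ErrorLog /logs/%s_error.pipe\n' "$1"
    printf 'CustomLog /logs/%s_access.pipe combined\n' "$1"
}
```

Apache access-log lines are not in syslog format, so syslog-ng will attach its own header fields when it reads them from the pipe; check the written files before relying on their layout.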