[syslog-ng] multiple facilities/streams into a named pipe?

[Balazs Scheidler]

On Tue, Aug 17, 1999 at 01:54:39AM -0400, streiner-syslogng@sgi.net wrote:
> This is a pretty off-the-wall question, but I figure I'd give it a shot ;-)
> I work in a largely Solaris shop and have to deal with many of the quirks of
> its syslog implementation.  One of these quirks came up when I tried on a
> hunch to get multiple event streams to feed into the same named pipe, which would
> then get pushed off to a network management system.  The reason I wanted to
> do this was organizational; i.e. have all routers log to local7.debug on my
> log server, switches log to local6.debug, ras servers to local5.debug and
> so on.  From what I've seen in early tests, this type of setup either causes
> Sun's syslogd fits or could potentially clobber data being written to the
> pipe.
> 
> My questions are: 1) has anyone ever tried anything like this?
> 2) is syslog-ng capable of supporting a setup like this on a Solaris 2.7
> box?

syslog-ng has troubles getting the local messages on a solaris box, but
otherwise network forwarding works, and this can be worked around using the
native syslogd of Solaris (see in one of the previous posts)

You can refer to the same destination several times:

source s_local { unix-stream("/dev/log"); internal(); };
source s_net { udp(); };

destination d_pipe { pipe("/var/run/proba"); };

filter f_local5 { facility(local5); };
filter f_local6 { facility(local6); };

log { source(s_net); filter(f_local5); destination(d_pipe); };
log { source(s_net); filter(f_local6); destination(d_pipe); };

-- 
Bazsi