[syslog-ng]facility numbers
Hamilton, Andrew Mr RAYTHEON 5 SIG CMD
HamiltonA@hq.5sigcmd.army.mil
Thu, 14 Dec 2000 10:32:35 +0100
I'm not sure about the 9-14 codes but you can overload the other facilities.
If you have them come in as different programs you can do something like
this:
filter f_prog1 { program("prog1") and facility(local1); };
filter f_prog2 { program("prog2") and facility(local1); };
I do this all the time and it works great.
Regards,
Drew
> -----Original Message-----
> From: Wendell Turner [SMTP:wturner@halcyon.com]
> Sent: Wednesday, December 13, 2000 10:51 PM
> To: syslog-ng@lists.balabit.hu
> Subject: [syslog-ng]facility numbers
>
>
> Sirs,
>
> Some questions about facilities and priorities:
>
> 1) I see from the stock sys/syslog.h file there is:
>
> #define LOG_UUCP (8<<3) /* uucp subsystem */
> #define LOG_CRON (15<<3) /* cron/at subsystem */
> /* other codes through 15 reserved for system use */
>
> Have facility codes 9-14 ever been used? How could I use them for
> my own logging? Would that interfere with any 'standard' syslog
> functions? (I've already used the LOCAL0-7 ones, I would like
> more.) The sl_facilities table in syslog-names.c doesn't seem to
> allow for those in filters.
>
> 2) If that doesn't work, would it be proper to overload the stock
> 0-8 items with my own? Would that 'confuse' any other logging
> tools, or is it just a number used in the filtering?
>
> Thank you,
>
> Wendell Turner
>
>
>
> _______________________________________________
> syslog-ng maillist - syslog-ng@lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/syslog-ng