[syslog-ng]Newbie intro/question

[Dave Carmean]

Greetings from a list newbie.

I discovered syslog-ng the other day while STFW for more info about 
logsurfer, which I've been trying out recently.  I've looked at 
the list archives for several months back, but don't see obvious 
answers to the following:

- Are people using -ng to perform noise filtering and/or alerting a-la 
  Swatch, WOTS, logsurfer, etc?  Or is most filtering just to effectively 
  increase the number of facilities by sorting on reporting program name?

- Has anybody devised a way with -ng to monitor the repeat rate of a 
  particular message?  I.e. if you get 10 log_info messages per hour 
  from named on host foo, ignore them, but if you get 100, save them 
  and trigger some event?

- I would like to embed the message's facility/level into the recorded 
  message text, similar to what SGI's Irix' syslogd does, although probably 
  in human-readable form rather than an octal number.  Maybe I'm looking 
  in the wrong docs, but I'd like to write something like this to the 
  output channel:

	"Feb 27 01:31:05 foo sendmail[nnn]: ${FACILITY}/${PRIORITY} \
           $rest_of_message"


I'll go RTFM some more, but if anybody can give some basic answers, 
I'd be grateful.

Thanks.

-- Dave

    Live fast.  Die young.  Leave a good-looking audit trail.