[syslog-ng] syslog-ng newbie facility question

Brad Arlt syslog-ng@lists.balabit.hu
Wed, 19 Nov 2003 09:54:47 -0700


On Wed, Nov 19, 2003 at 09:29:18AM -0500, Josh Endries wrote:
> Hiya everyone,
> Anyway, my question is about logging facilities. I never thought
> about this with syslogd; I always assumed I was limited to the
> normal facilities, local2 and mail and whatnot. But looking through
> the syslog-ng config file it occurred to me that I may be able to
> create my own facility filters. For example, create an apache
> facility and have Apache log to this. I could then pipe Apache to
> the log host and have it consolidate all that stuff into httpd-error
> files in the new directory hierarchy.

Ummm... the "local" facilities are the custom ones.  In your head you
are supposed to say "local4 means apache", and maybe you say it in a
comment in a config file somewhere.

I would not recommend sliding your own facility into slots your OS(es)
just happen not to use.  And you will find some OSes will not allow
this added facility to work correctly (it will work fine over the
network, but an OS needs to feed it to syslog in the first place,
so...)

You will be just as happy logging to daemon (since Apache is a daemon)
and matching on "httpd" or "apache" in the program field.
-----------------------------------------------------------------------
   __o		Bradley Arlt			Security Team Lead
 _ \<_		arlt@cpsc.ucalgary.ca		University Of Calgary
(_)/(_) 	Joyously Canadian	 	Computer Science
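
Added example, not part of the original message or of syslog-ng: a small Python sketch of why a facility cannot simply be invented, and of the two routings suggested in the reply. On the wire (RFC 3164) the facility is only a number packed into the `<PRI>` field, so a receiver can sort on local4-by-convention or on daemon plus the program field. The sample lines, the `hosts/<host>/` layout and the choice of local4 are assumptions made for illustration.

```python
import re

# Facility codes 0-23 as defined by RFC 3164; names follow common syslog.h
# usage (labels for 13-15 vary by OS). Only local0-local7 are for site use.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock2",
              "local0", "local1", "local2", "local3", "local4", "local5",
              "local6", "local7"]

APACHE_LOCAL = "local4"                # assumption: site convention "local4 means apache"
APACHE_PROGRAMS = {"httpd", "apache"}  # program-field match suggested in the reply

# <PRI>Mmm dd hh:mm:ss host program[pid]: message
# The host is restricted to hostname characters because it becomes a path component.
LINE = re.compile(r"^<(\d{1,3})>\w{3} [ \d]\d \d\d:\d\d:\d\d "
                  r"([A-Za-z0-9][A-Za-z0-9.-]*) ([^\s:\[]+)(?:\[\d+\])?: ?(.*)$")

def parse(line):
    """Decode one RFC 3164 line; return None if malformed or facility undefined."""
    m = LINE.match(line)
    if not m:
        return None
    pri = int(m.group(1))
    fac = pri >> 3                     # PRI = facility * 8 + severity
    if fac >= len(FACILITIES):
        return None                    # there is no slot for a made-up facility
    return {"facility": FACILITIES[fac], "severity": pri & 7,
            "host": m.group(2), "program": m.group(3), "msg": m.group(4)}

def route(rec):
    """Pick the per-host file: Apache via local4 or via daemon + program name."""
    fac, prog = rec["facility"], rec["program"]
    if fac == APACHE_LOCAL or (fac == "daemon" and prog in APACHE_PROGRAMS):
        name = "httpd-error"
    else:
        name = "messages"
    return "hosts/%s/%s" % (rec["host"], name)

# Constructed sample input (not real log data).
SAMPLES = [
    "<27>Nov 19 09:54:47 web1 httpd[1234]: [error] File does not exist",  # daemon.err
    "<163>Nov 19 09:54:48 web2 apache: [error] client denied",            # local4.err
    "<30>Nov 19 09:54:49 web1 sshd[99]: session opened",                  # daemon.info
    "<200>Nov 19 09:54:50 web1 httpd: facility code 25 is undefined",     # rejected
]

if __name__ == "__main__":
    for s in SAMPLES:
        rec = parse(s)
        print(route(rec) if rec else "rejected", "<-", s)
```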