[syslog-ng]RFE: enable tagging of sources
Enrico Scholz
syslog-ng@lists.balabit.hu
Thu, 02 Sep 2004 00:08:49 +0200
Hello,
does there exist a way to tag messages from certain sources? E.g. I want
to use syslog-ng in linux-vserver[1] enabled hosts. There, the syslog-ng
daemon is running on the hosts, and I have lots of logging-sources at
/vservers/*/dev/log. These logging services are behaving like normal
hosts and have their own hostnames.
For example, the syslog-ng daemon on host 'host' is configured with
| source s_vserver_www { unix-stream ("/vservers/www/dev/log"); };
This source is located in a vserver with the hostname 'www'. But when a
log message is issued there, I get
| DATE host: MSG
but I would like to get
| DATE www: MSG
The destination options support 'template()' already and I tried
something like
| destination d_vserver_www {
| tcp("127.0.0.1" port(520) template("<$TAG>$DATE www $MSG\n"));
| };
|
| log { source(s_vserver_www); destination(d_vserver_www); };
Unfortunately, this does not really work because:
* $TAG is hex-encoded; but the other side expects decimal-encoding
* every destination spawns a new stunnel-connection; because I have >30
vservers which would result in 30 destinations, this will become very
expensive.
Probably the best solution would be if the hostname could be overridden
on a per-source basis. E.g. something like
| source s_vserver_www { unix-stream ("/vservers/www/dev/log" hostname("www")); };
Enrico
Footnotes:
[1] http://linux-vserver.org
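
The first problem listed in the message, a hex-encoded $TAG where the receiver expects a decimal priority, worked through as an added example that is not part of the original post or of syslog-ng. It assumes $TAG is the priority value (facility*8 + severity) written in base 16; the function names and sample lines are constructed for illustration.

```python
import re

# Line shape produced by the template in the post: "<$TAG>$DATE www $MSG\n".
# Assumption: $TAG is the PRI value in hexadecimal (e.g. "1e" for 30).
_LINE = re.compile(r"^<([0-9A-Fa-f]{1,2})>(.*)$", re.DOTALL)

MAX_PRI = 23 * 8 + 7  # 191: highest facility (local7) with lowest severity (debug)


def split_pri(pri: int) -> tuple[int, int]:
    """Return (facility, severity) for a decimal BSD-syslog priority."""
    return divmod(pri, 8)


def hex_tag_to_decimal(line: str) -> str:
    """Rewrite a leading hex <TAG> into the decimal <PRI> a receiver expects."""
    m = _LINE.match(line)
    if m is None:
        raise ValueError("no hex priority tag at start of line")
    pri = int(m.group(1), 16)
    if pri > MAX_PRI:
        raise ValueError(f"priority {pri} out of range 0..{MAX_PRI}")
    return f"<{pri}>{m.group(2)}"


def misread(tag: str) -> tuple[tuple[int, int], tuple[int, int]]:
    """Show (as sent, as read by a decimal-only receiver) for an all-digit hex tag.

    A tag such as "26" parses without error on the receiving side, so the
    message is silently filed under the wrong facility and severity.
    """
    return split_pri(int(tag, 16)), split_pri(int(tag, 10))


if __name__ == "__main__":
    # Constructed sample lines, not taken from a real log.
    samples = [
        "<1e>Sep  2 00:08:49 www sshd[123]: session opened\n",  # daemon.info
        "<26>Sep  2 00:08:50 www su: session opened\n",         # auth.info
    ]
    for s in samples:
        print(hex_tag_to_decimal(s), end="")
    sent, seen = misread("26")
    print(f"sent facility/severity {sent}, receiver sees {seen}")
```

The second sample is the case to watch for: an auth.info message arrives as daemon.crit without any parse error, so severity-based filters and alerts on the receiving side act on the wrong value.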