[syslog-ng]setting (or changin) facility / level feature request

Dave Johnson syslog-ng@lists.balabit.hu
Thu, 2 Sep 2004 15:42:39 -0500


Syslog-ng is working relatively well; however one performance item:

We have a named pipe configured for non syslog messages and want to
add another named pipe from a separate message source (again
non-syslog based).

Messages are aggregated and sent centrally.

Centrally messages are broken out /$DATE/$HOST/$FACILITY.

----

Initially messages were just "routing" based on the above information
(date/host/facility), creating a nice-straight-forward higher
performance configuration.

Now the central server and many of our client machines have to do
"extra" items (stamp messages, filter based on certain text), etc...

We are talking about 15-20 gigabytes a day of logs (today), and much
more tomorrow.  Going through an external program or msg filtering
adds a decent amount of CPU on all our machines, especially centrally.

It would be very helpful to have a "set _ facility/level" or
(change_facility, change_level) in the destination() or src () or
log() section of syslog-ng.  This would allow our client machines to
be able to src from several files and put data in local0-7.

- Dave Johnson