[syslog-ng]RFE: enable tagging of sources
Balazs Scheidler
syslog-ng@lists.balabit.hu
Fri, 03 Sep 2004 12:08:28 +0200
On Thu, 2004-09-02 at 00:08, Enrico Scholz wrote:
> Hello,
>
> does there exists a way to tag messages from certain sources? E.g. I want
> to use syslog-ng in linux-vserver[1] enabled hosts. There, the syslog-ng
> daemon is running on the hosts, and I have lots of logging-sources at
> /vservers/*/dev/log. Theses logging services are behaving like normal
> hosts and have own hostnames.
>
> For example, the syslog-ng daemon on host 'host' is configured with
>
> | source s_vserver_www { unix-stream ("/vservers/www/dev/log"); };
>
> This source is located in a vserver with the hostname 'www'. But when a
> logmessage is issued there, I get
>
> | DATE host: MSG
>
> but I would like to get
>
> | DATE www: MSG
Something that should help you here is using chain_hostname(yes), which
adds the source name into the message, so you can filter on that. It
requires no modification to syslog-ng itself.
> * $TAG is hex-encoded; but the other side expects decimal-encoding
you should have used $PRI instead
> * every destination spawns a new stunnel-connection; because I have >30
> vservers which would result in 30 destinations, this will become very
> expensive.
That's true.
>
>
>
> Probably the best solution would be, when the hostname can be overridden
> on a per-source base. E.g. something like
>
> | source s_vserver_www { unix-stream ("/vservers/www/dev/log" hostname("www")); };
Yes, something like this would be doable. I'll file a ticket into our
bugzilla.
--
Bazsi