[syslog-ng] Re: logger-ng needed

Thu Oct 13 07:24:54 CEST 2005

I know I'm not supposed to reply to my own posts...

After a lot more thought, I think that all I really want to do is ask for
one new source to be added, and one new destination to be added.

source input { stdin(); };
 to obtain data from the standard input.

destination syslog.userinfo { syslog( facility(user) priority(info) tag(myApp) template(xxx)); };
 to write messages into the local syslog mechanism.

I realize that this would cause syslog-ng to process each of these
messages twice, but the source of the messages do not yet have a
datestamp, facility, priority, tag or host associated with them (ie they
are not syslog format yet). This is the same as messages comming from a
pipe. It would be nice to regexp match these messages an syslog them with
appropriate facility.priority information, not to mention a meaningfull
tag.

I realize that this option could result in a circular path for a message,
but with some care, the messages from a given source (file, pipe, standard
input etc) can be passed to syslog which could in tern be loged to a file
locally, or transfered to a central logger.

This would be sufficient to get most, if not all, log messages fom all
applications into a single syslog architecture. Apache and mysql are the
big two, but Tivoli Storage manager is also a problem at our site.

Thanks for the consideration.

Evan.

On Mon, 10 Oct 2005, Evan Rempel wrote:

> Date: Mon, 10 Oct 2005 07:13:51 -0700 (PDT)
> From: Evan Rempel <erempel at UVic.CA>
> To: Syslog-ng users' and developers' mailing list
>     <syslog-ng at lists.balabit.hu>
> Subject: logger-ng needed
>
>
> This is a little off topic for syslog-ng, but I bring it up here because
> syslog-ng has 90% of the code already written to accomplish this.
>
> I need a tool to get data into my syslog-ng architecture. There are a
> number of programs that log to files or that standard output only. I can
> use tools like chronolog to manage the rollover of the files but that does
> not get the data into syslog-ng. I can pipe the data into "logger
> -pxxx.yyy -tag zzz" but this sends all of the messages with the same
> priority.
>
> I would like a tool that can filter the input using regular expressions
> and then syslog the message to a specified facility.level and tag.
>
> Syslog-ng has all of the code for reading from a variety of sources.
> Syslog-ng has all of the code to filter based on regular expressions
> All that needs to be added is applying the facility.level, tag and
> syslogging the message.
>
> I would like the developers of syslog-ng to consider writing a logger-ng
> to go along with it. A sample configuration file is included below just so
> that I get all of my thoughts into this one e-mail. If no configuration
> file was specified, then it could oporate just like logger, or it could
> simply be a new tool rather than a replacement.
>
> Thanks for a great syslog deamon.
>
> Evan Rempel
>
> ------------------ example configuration file -------------------------------
> source my_app { unix-stream("/tmp/logpipe" tag(my_apps_name)); };
> source second_app { file("/var/log/http_access" tag(second_app_name)); };
>
> filter find_errors(match(*error*); }
>
> destination user.info { facility(user); level(info); };
> destination user.error { facility(user); level(error); };
> destination local4.info { facility(local4); level(info); };
> destination local4.error { facility(local4); level(error); };
> # perhaps the destinations are predefined as I think they will always be
> # the syslog priorities.
>
> log { source(my_app); filter(find_errors); destination(user.error); };
> log { source(my_app); destination(user.info); flags(fallback);
>
> log { source(second_app); filter(find_errors); destination(local4.error); };
> log { source(second_app); destination(local4.info); flags(fallback);
>
> # the fallback option would only have the scope for the given source. Each
> # source would require its own fallback flag.
>
>
> ------------------ end example configuration file ---------------------------
>
>