[syslog-ng] Re: logger-ng needed

James Brunke jbrunke at ctsgi.com
Thu Oct 13 07:37:06 CEST 2005


Check out looperng - perhaps it will help do what you need...

http://muthanna.com/looperng/ 

-----Original Message-----
From: Evan Rempel [mailto:erempel at uvic.ca] 
Sent: Thursday, October 13, 2005 1:25 AM
To: Syslog-ng users' and developers' mailing list
Subject: [syslog-ng] Re: logger-ng needed


I know I'm not supposed to reply to my own posts...

After a lot more thought, I think that all I really want to do is ask for
one new source to be added, and one new destination to be added.

source input { stdin(); };
 to obtain data from the standard input.

destination syslog.userinfo { syslog( facility(user) priority(info) tag(myApp) template(xxx)); };
 to write messages into the local syslog mechanism.

I realize that this would cause syslog-ng to process each of these messages
twice, but the source of the messages do not yet have a datestamp, facility,
priority, tag or host associated with them (i.e. they are not syslog format
yet). This is the same as messages coming from a pipe. It would be nice to
regexp match these messages and syslog them with appropriate
facility.priority information, not to mention a meaningful tag.

I realize that this option could result in a circular path for a message,
but with some care, the messages from a given source (file, pipe, standard
input etc) can be passed to syslog which could in turn be logged to a file
locally, or transferred to a central logger.

This would be sufficient to get most, if not all, log messages from all
applications into a single syslog architecture. Apache and mysql are the big
two, but Tivoli Storage manager is also a problem at our site.

Thanks for the consideration.

Evan.

On Mon, 10 Oct 2005, Evan Rempel wrote:

> Date: Mon, 10 Oct 2005 07:13:51 -0700 (PDT)
> From: Evan Rempel <erempel at UVic.CA>
> To: Syslog-ng users' and developers' mailing list
>     <syslog-ng at lists.balabit.hu>
> Subject: logger-ng needed
>
>
> This is a little off topic for syslog-ng, but I bring it up here 
> because syslog-ng has 90% of the code already written to accomplish this.
>
> I need a tool to get data into my syslog-ng architecture. There are a 
> number of programs that log to files or to standard output only. I 
> can use tools like chronolog to manage the rollover of the files but 
> that does not get the data into syslog-ng. I can pipe the data into 
> "logger -pxxx.yyy -tag zzz" but this sends all of the messages with 
> the same priority.
>
> I would like a tool that can filter the input using regular 
> expressions and then syslog the message to a specified facility.level and
> tag.
>
> Syslog-ng has all of the code for reading from a variety of sources.
> Syslog-ng has all of the code to filter based on regular expressions.
> All that needs to be added is applying the facility.level, tag and 
> syslogging the message.
>
> I would like the developers of syslog-ng to consider writing a 
> logger-ng to go along with it. A sample configuration file is included 
> below just so that I get all of my thoughts into this one e-mail. If 
> no configuration file was specified, then it could operate just like 
> logger, or it could simply be a new tool rather than a replacement.
>
> Thanks for a great syslog daemon.
>
> Evan Rempel
>
> ------------------ example configuration file -------------------------------
> source my_app { unix-stream("/tmp/logpipe" tag(my_apps_name)); };
> source second_app { file("/var/log/http_access" tag(second_app_name)); };
>
> filter find_errors(match(*error*); }
>
> destination user.info { facility(user); level(info); };
> destination user.error { facility(user); level(error); };
> destination local4.info { facility(local4); level(info); };
> destination local4.error { facility(local4); level(error); };
> # perhaps the destinations are predefined as I think they will always be
> # the syslog priorities.
>
> log { source(my_app); filter(find_errors); destination(user.error); };
> log { source(my_app); destination(user.info); flags(fallback);
>
> log { source(second_app); filter(find_errors); destination(local4.error); };
> log { source(second_app); destination(local4.info); flags(fallback);
>
> # the fallback option would only have the scope for the given source. Each
> # source would require its own fallback flag.
>
>
> ------------------ end example configuration file ---------------------------
>
>
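
Added example, not part of the original thread and not syslog-ng or looperng code: a small Python filter doing what the request above describes, reading untagged lines from standard input, matching them against per-source regex rules with a fallback, and writing them to the local syslog with the chosen facility.level and tag. The rule table, function names and the 1024-character limit are assumptions made for illustration; the tags and facility/level pairs are taken from the sample configuration.

```python
import re
import sys

# RFC 3164 numeric codes for the facilities and levels named in the sample config.
FACILITY = {"user": 1, "local4": 20}
LEVEL = {"error": 3, "info": 6}

# Constructed rule table mirroring the sample config: (tag, regex, facility, level).
# A regex of None marks that tag's fallback rule, like flags(fallback).
RULES = [
    ("my_apps_name", re.compile(r"error"), "user", "error"),
    ("my_apps_name", None, "user", "info"),
    ("second_app_name", re.compile(r"error"), "local4", "error"),
    ("second_app_name", None, "local4", "info"),
]

def classify(tag, line, rules=RULES):
    """Return the syslog PRI value (facility * 8 + level) for a line, or None."""
    fallback = None
    for rule_tag, pattern, facility, level in rules:
        if rule_tag != tag:
            continue  # fallback scope is per source tag
        pri = FACILITY[facility] * 8 + LEVEL[level]
        if pattern is None:
            fallback = pri if fallback is None else fallback
        elif pattern.search(line):
            return pri
    return fallback

def sanitize(line, limit=1024):
    """Keep one input line as one record: drop the newline, escape control bytes."""
    text = line.rstrip("\r\n")[:limit]
    return "".join(c if c.isprintable() else "\\x%02x" % ord(c) for c in text)

def main(tag):
    import syslog  # Unix only; imported here so the helpers stay portable
    syslog.openlog(ident=tag)
    for line in sys.stdin:
        pri = classify(tag, line)
        if pri is not None:
            syslog.syslog(pri, sanitize(line))

if __name__ == "__main__":
    main(sys.argv[1] if len(sys.argv) > 1 else "my_apps_name")
```

The application's output is piped into the script with the source tag as its only argument; escaping control characters keeps a stray carriage return in application output from appearing as a separate record downstream.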