[syslog-ng] I need to add more facilities

Kevin kkadow at gmail.com
Fri Oct 21 08:03:25 CEST 2005


On 10/20/05, Yan M. <yannnick_m at yahoo.com> wrote:
>  searching through the documentation, FAQ, README
> and INSTALL I didnt find anywhere mentionned that I can
> create new facilities.
>
> I read that syslog-ng has the same facilities than syslog in Solaris.

Technically, syslog-ng has the same facilities as all
standards-compliant syslog daemons, because the facility range is
defined in RFC 3164

There are only 24 legal values for the facility, and eight legal
values for severity.

> What I want to do is to have more facilities, with significative names
> like httpd0, httpd1, httpd2, httpd3.....and so on to httpd50.
>
> This is to split message received from my apache VirtualHosts AccessLog and
> ErrorLog

How would you cause Apache to generate "syslog" messages with
non-standards-conformant facility values, corresponding to your
virtual hosts?


> I dont want to filter using regexp, only with facility

One ugly hack to accomplish what you ask would be to use the standard
facilities and severities to indicate which virtual host sourced the
traffic.  So "kern.debug" would be httpd0, kern.info would be httpd1,
and local7.emergency would be httpd191

It might be easier to just use regex.


Kevin Kadow


More information about the syslog-ng mailing list