[syslog-ng] I need to add more facilities
Balazs Scheidler
bazsi at balabit.hu
Fri Oct 21 10:17:51 CEST 2005
On Fri, 2005-10-21 at 01:03 -0500, Kevin wrote:
> On 10/20/05, Yan M. <yannnick_m at yahoo.com> wrote:
> > searching through the documentation, FAQ, README
> > and INSTALL I didnt find anywhere mentionned that I can
> > create new facilities.
> >
> > I read that syslog-ng has the same facilities than syslog in Solaris.
>
> Technically, syslog-ng has the same facilities as all
> standards-compliant syslog daemons, because the facility range is
> defined in RFC 3164
>
> There are only 24 legal values for the facility, and eight legal
> values for severity.
>
> > What I want to do is to have more facilities, with significative names
> > like httpd0, httpd1, httpd2, httpd3.....and so on to httpd50.
> >
> > This is to split message received from my apache VirtualHosts AccessLog and
> > ErrorLog
>
> How would you cause Apache to generate "syslog" messages with
> non-standards-conformant facility values, corresponding to your
> virtual hosts?
>
>
> > I dont want to filter using regexp, only with facility
>
> One ugly hack to accomplish what you ask would be to use the standard
> facilities and severities to indicate which virtual host sourced the
> traffic. So "kern.debug" would be httpd0, kern.info would be httpd1,
> and local7.emergency would be httpd191
>
> It might be easier to just use regex.
syslog-ng 2.x allows specifying facility values by number, even still
difficult to generate non-compliant facility messages in the first
place.
The reason why the facility based filtering failed in the first place
was that no appropriate processes were created to allocate new numbers.
--
Bazsi
More information about the syslog-ng
mailing list