[syslog-ng] Re: Tool to determine facility and severity from syslog packets

[Nate Campi]

On Wed, Dec 06, 2006 at 11:49:19AM +0000, G.W. Haywood wrote:
> Hi there,
> 
> On Wed, 6 Dec 2006 Paul Krizak wrote:
> 
> > # The big monolithic syslog file
> > destination d_big_messages {
> >      file (
> >          "/var/log/logs/messages.log"
> 
> How about
> 
> # The several separate syslog files
> destination d_separated_messages {
>      file (
>          "/var/log/logs/$FACILITY.log"

Sorry if anyone mentioned this already, but I'd sniff the wire if I had
the time/patience, or just make syslog-ng tell me and I'd come back and
look later:

# set it up
destination logxtra {
        file("/var/log/tell_me_the_facility_and_severity_please"
        owner(root) group(syslog) perm(0640) dir_perm(0750)
	dir_group(syslog) dir_owner(root) create_dirs(yes)
        template("$DATE $FULLHOST $PROGRAM: [$FACILITY.$LEVEL] $MSGONLY\n" ) template-escape(no)  ); 
};

# log it
log {
        source(s_local);
        source(s_net);
        destination(logxtra);
};

This looks rather like the Solaris 8+ syslog format, lacking the message
ID, of course.
-- 
Nate

"Fifty years of programming language research, and we end up with C++ ???"
 - Richard A. O'Keefe.