[syslog-ng] use syslog-ng to monitor just couple of processes

Fri Oct 27 19:12:28 CEST 2006

I've not used rsyslog myself, but it seems a lot closer to the old
syslog than syslog-ng which is quite different and very flexible.
Rsyslog seems to do most of the things that syslog-ng does so I guess it
might be down to which you personally prefer.

Syslog-ng seems more prevalent, and although rsyslog seems to have built
in mysql support, whereas syslog-ng uses a tiny glue shell script, the
syslog-ng way works well enough too. I run my central logserver this way
and it is reliable.

Neither of these things really support web interfaces to my knowledge.
My web interface is an interface to mysql,  nothing to do with syslog-ng....

-h

Hari Sekhon

Tiger Peng wrote:
> Hi, Hari:
>   Thanks a lot, since I also consider to dump the
> syslog-ng log to database (MySQL or Oracle), do you
> think it is better to choose the syslog-ng, or
> rsyslog, it looks like the syslog-ng has better web
> interface supporting, but rsyslog has the better built
> in MySQL database support.
>   Definitely, I will take your advice to read through
> all the syslog-ng documents and FAQ. Thanks again.
>
>
>
>   David
>
> = = = Original message = = =
>
> ?
>
> You don't use syslog-ng in this way. For what you want
> to do you should make your application output the
> information you want to the standard syslog and use
> syslog-ng as your logger. Then use filters to extract
> the messages you want the launch an external program
> to email them off to you or something. That is what I
> did. A few lines of code, some regex filtering with
> syslog-ng definitions is all it takes.
>
> Now you have all the pointers, you can read the docs
> on filtering, program(), etc. 
> Although it sounds like you don't have a good grasp of
> the whole logging thing yet so my advice is to read
> all the syslog-ng docs and faq. They are worth the
> read.
>
> -h
>
>
>
> Hari Sekhon  
>
> Tiger Peng wrote:  
>   
>      I have two questions about how to use the
> syslog-ng to monitor just couple of processes. 
>      In my case, I try to use some kind of utility to
> just monitor 4 to 8 different processes, some of them
> are system resource, but some of them are new
> developed processes. Here are my questions. 
>   
> 1. can I start a seperate syslog-ng, I mean if I can
> keep syslogd running, but start another syslog-ng
> process to dedicate the service for my special
> purpose. 
>   
> 2. I guess syslog-ng has some kind of filter which can
> filter the information, but how can I expand it
> ability to receive some specific information or more
> field, such as message ID. Is this configurable, or I
> must modify the source to support it. 
>   
>     Thanks. 
>   
>   
>   
>      David 
>   
>
>   _______________________________________________
> syslog-ng maillist  -  syslog-ng at lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Frequently asked questions at
> http://www.campin.net/syslog-ng/faq.html
>
> ___________________________________________________________
> Sent by ePrompter, the premier email notification
> software.
> Free download at http://www.ePrompter.com.
>
>   