[syslog-ng] syslog configuration

Kalin KOZHUHAROV kalin.kozhuharov at jp.adecco.com
Tue Jan 16 04:52:26 CET 2007


[fixed quoting]

Hi Jawed,

jawed abbasi wrote:
>> */Kalin KOZHUHAROV <kalin.kozhuharov at jp.adecco.com>/* wrote:
>>
>> jawed abbasi wrote:
>>> Hi
>>>
>>> I am wondering if there is a way to config syslog-ng so that
>>>
>>> * it receives data from multiple processes running on the same
>>> source hosts and writing to the same port, without using
>>> (facility or severity levels) and still syslog writes a separate
>>> logfile for each process?
>>>
>> Yes, it depends.
>>
>>> for example:
>>>
>>> HOST A runs all following processes which all write to same port
>>> 908
>>>
>>> process A
>>> process b
>>> process c
>>>
>>> but different log files are created for each process.
>>
>> If you can distinguish the output of each process, syslog-ng can
>> also (via regex). A simple way to do that is to include PID in each
>> MSG (a very common approach in non-Windoze world).
>
>
> not sure what you mean include pid? how to add pid in msg? can you
> give me an example
PID is short for Process Identifier[1]. Generally, all processes in an OS
can obtain their PID from the OS by invoking some function (e.g. `echo
$$` in bash).

The processes A,a,b above have to be modified to prepend their PID in
their log output. For example, an excerpt from my logs:

Jan 16 12:30:00 oss fcron[29796]: Job /usr/bin/test -x /usr/sbin/run-crons && /usr/sbin/run-crons started for user root (pid 29797)
Jan 16 12:40:00 oss fcron[29941]: Job /usr/bin/test -x /usr/sbin/run-crons && /usr/sbin/run-crons started for user root (pid 29942)

Note the end of the lines. You can filter things like that based on the
"\(pid (\d+)\)" regex if I am not wrong in the syntax.

That is it.

[1]	http://en.wikipedia.org/wiki/Process_identifier

All the best,

Kalin.

-- 
| A |
| D |
| J |
| P |

