[syslog-ng] syslog configuration

Hari Sekhon hpsekhon at googlemail.com
Tue Jan 16 11:08:02 CET 2007 

you need a way to differential between the 3 processes. Are they three 
instances of the same program or different programs? It would help if 
you could give us an example of the logs.


Hari Sekhon



jawed abbasi wrote:
> Thanks Kalin
>
> But problem is I can't modify the behaviour of the application ( 
> application which I called a process), its almost impossible, because 
> code is not available to me.
> but because each process or application runs under different name, 
> that might help me if its possible to go with regex filtering.
>
> thanks
>
> */Kalin KOZHUHAROV <kalin.kozhuharov at jp.adecco.com>/* wrote:
>
>     [fixed quoting]
>
>     Hi Jawed,
>
>     jawed abbasi wrote:
>     >> */Kalin KOZHUHAROV /* wrote:
>     >>
>     >> jawed abbasi wrote:
>     >>> Hi
>     >>>
>     >>> I am wondering if there is a way to config syslog-ng so that
>     >>>
>     >>> * it receives data from multiple processes running on the same
>     >>> source hosts and writting top the same port, without using
>     >>> (facility or severity levels) and still syslog writes a separate
>     >>> logfile for each process?
>     >>>
>     >> Yes, it depends.
>     >>
>     >>> for example:
>     >>>
>     >>> HOST A runs all follwing processes which all write to same port
>     >>> 908
>     >>>
>     >>> proces A
>     >>> process b
>     >>> process c
>     >>>
>     >>> but different log files are created for each process.
>     >>
>     >> If you can distinguish the output of each process, syslog-ng can
>     >> also (via regex). A simple way to do that is to include PID in each
>     >> MSG (a very common approach in non-Windoze world).
>     >
>     >
>     > not sure what you mean include pid? how to add pid in msg? can you
>     > give me an example
>     PID is short for Process Identifier[1]. Generally, all processes
>     in a OS
>     can obtain their PID from the OS by invoking some function (e.g. `echo
>     $$` in bash).
>
>     The processes A,a,b above have to be modified to perpend their PID in
>     their log output. For example, an excerpt from my logs:
>
>     Jan 16 12:30:00 oss fcron[29796]: Job /usr/bin/test -x
>     /usr/sbin/run-crons && /usr/sbin/run-crons started for user root
>     (pid 29797)
>     Jan 16 12:40:00 oss fcron[29941]: Job /usr/bin/test -x
>     /usr/sbin/run-crons && /usr/sbin/run-crons started for user root
>     (pid 29942)
>
>     Note the end of the lines. You can filter things like that based
>     on the
>     "\(pid (\d+)\)" regex if I am not wrong in the syntax.
>
>     That is it.
>
>     [1] http://en.wikipedia.org/wiki/Process_identifier
>
>     All the best,
>
>     Kalin.
>
>     -- 
>     | A |
>     | D |
>     | J |
>     | P |
>     _______________________________________________
>     syslog-ng maillist - syslog-ng at lists.balabit.hu
>     https://lists.balabit.hu/mailman/listinfo/syslog-ng
>     Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
>
>
> ------------------------------------------------------------------------
> Everyone is raving about the all-new Yahoo! Mail beta. 
> <http://us.rd.yahoo.com/evt=45083/*http://advision.webevents.yahoo.com/mailbeta> 
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> syslog-ng maillist  -  syslog-ng at lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
>
>   
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20070116/9c4b53ef/attachment-0001.html

More information about the syslog-ng mailing list