[syslog-ng] syslog configuration
anthony lineham
anthony.lineham at alliedtelesis.co.nz
Tue Jan 16 21:02:23 CET 2007
Sorry, I just realised your log messages are coming from a different
device so, as someone else has said, use the match() utility instead.
Anthony
>>> "anthony lineham" <anthony.lineham at alliedtelesis.co.nz> 01/17/07 8:56 AM >>>
Hi Jawad,
Have you considered using the program name filter utility?
eg:
filter f_appA { program(appA); };
I'm using it in my current application and it seems to work very
nicely.
Regards
Anthony
>>> jawed abbasi <jabbasi at yahoo.com> 16/01/2007 5:21 p.m. >>>
Thanks Kalin
But problem is I can't modify the behaviour of the application
(application which I called a process), it's almost impossible, because
code is not available to me.
But because each process or application runs under a different name, that
might help me if it's possible to go with regex filtering.
thanks
Kalin KOZHUHAROV <kalin.kozhuharov at jp.adecco.com> wrote: [fixed quoting]
Hi Jawed,
jawed abbasi wrote:
>> */Kalin KOZHUHAROV /* wrote:
>>
>> jawed abbasi wrote:
>>> Hi
>>>
>>> I am wondering if there is a way to config syslog-ng so that
>>>
>>> * it receives data from multiple processes running on the same
>>> source hosts and writing to the same port, without using
>>> (facility or severity levels) and still syslog writes a separate
>>> logfile for each process?
>>>
>> Yes, it depends.
>>
>>> for example:
>>>
>>> HOST A runs all following processes which all write to same port 908
>>>
>>> process A
>>> process b
>>> process c
>>>
>>> but different log files are created for each process.
>>
>> If you can distinguish the output of each process, syslog-ng can
>> also (via regex). A simple way to do that is to include PID in each
>> MSG (a very common approach in non-Windoze world).
>
>
> not sure what you mean include pid? how to add pid in msg? can you
> give me an example
PID is short for Process Identifier[1]. Generally, all processes in an
OS can obtain their PID from the OS by invoking some function (e.g.
`echo $$` in bash).
The processes A,a,b above have to be modified to prepend their PID in
their log output. For example, an excerpt from my logs:
Jan 16 12:30:00 oss fcron[29796]: Job /usr/bin/test -x /usr/sbin/run-crons && /usr/sbin/run-crons started for user root (pid 29797)
Jan 16 12:40:00 oss fcron[29941]: Job /usr/bin/test -x /usr/sbin/run-crons && /usr/sbin/run-crons started for user root (pid 29942)
Note the end of the lines. You can filter things like that based on the
"\(pid (\d+)\)" regex if I am not wrong in the syntax.
That is it.
[1] http://en.wikipedia.org/wiki/Process_identifier
All the best,
Kalin.
_______________________________________________
syslog-ng maillist - syslog-ng at lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
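The approach suggested in this thread (program() on the process name, match() on the message text as the alternative), written out as a complete syslog-ng configuration. This is an added example, not configuration from any of the posters; the host name hostA, the process names procA/procB/procC and the file paths are assumptions, and port 908 is taken from the question.

```conf
# Added example: one log file per sending process, all arriving on one port.
# hostA, procA/procB/procC and /var/log/apps/ are assumed names.

source s_net { udp(ip(0.0.0.0) port(908)); };

# program() is a regex applied to the program-name field of the syslog
# header (the "fcron" in "fcron[29796]:"). The sender sets that field, so
# each filter also pins the expected host; anchor the regex so that
# "procA" does not also match "procA-helper".
filter f_procA { host("^hostA$") and program("^procA$"); };
filter f_procB { host("^hostA$") and program("^procB$"); };

# When the sender does not fill in the program field, match() applies a
# regex to the message text instead. In syslog-ng 3.x write this as
# match("procC" value("MESSAGE")).
filter f_procC { host("^hostA$") and match("procC"); };

destination d_procA { file("/var/log/apps/procA.log"); };
destination d_procB { file("/var/log/apps/procB.log"); };
destination d_procC { file("/var/log/apps/procC.log"); };
destination d_other { file("/var/log/apps/unmatched.log"); };

# flags(final) stops processing once a message has matched, so a message
# ends up in exactly one per-process file.
log { source(s_net); filter(f_procA); destination(d_procA); flags(final); };
log { source(s_net); filter(f_procB); destination(d_procB); flags(final); };
log { source(s_net); filter(f_procC); destination(d_procC); flags(final); };

# flags(fallback) receives only what no other log path matched, so messages
# with an unexpected host or program name are kept for review, not dropped.
log { source(s_net); destination(d_other); flags(fallback); };
```

Watching unmatched.log is worthwhile: a new process name or a sender other than hostA shows up there first.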