[syslog-ng] Chroot/Vserver config

[Ed W]

Hi

I am setting up a bunch of vserver machines on a single host (basically
just a fancy chroot setup) - just looking for advice on a decent setup.

1) Would prefer not to run multiple instances of syslogd in each vserver
if possible (no special reason, just seems pointless).
2) Each vserver runs multiple processes, so need a fairly fully featured
set of logging for each
3) Want to keep the logs readonly, or basically untouchable in the vservers

So I tried

a) setting up the host system to run the /vserver/xxx/dev/log as it's source
b) using destinations of the form: "/var/log/$HOST/messages",
"/var/log/$HOST/mail.log", etc

However, this doesn't seem to work because $HOST always shows the same
name for every vhost (actually it has the name of the host server)

I tried setting up syslog-ng in each vserver to log via a unix-stream to
the host and again this has the same issue $HOST is always the same as
the host machine

What does seem to work is running syslog-ng in each vhost and logging
via TCP.  OR using duplicating my destination {} and log{} stanzas for
every single vserver, ie basically filtering on the source{}.  However,
this later option seems error prone and boring to maintain, the former
option seems to need extra resources and unneccesarily complicated for
such a simple setup

What I really want is some way that I can set some MACRO in the
"source{}" stanza and then use that later on in my destinations{} - is
this possible?  Any other ways to achieve this?  Actually I can't find
any way to define custom macros, but this feature would seem to solve a
lot of configuration scenarios?

Grateful for any pointers

Ed W