[syslog-ng] logging facility in log file

chris packham chris.packham at alliedtelesis.co.nz
Tue Jul 1 00:42:27 CEST 2008


What you're after is in chapter 3 section 7 of the administrator guide.

http://www.balabit.com/dl/html/syslog-ng-admin-guide_en.html/ch03s07.html

Following the example to add the facility and level to log messages written to 
/var/log/messages the configuration would look something like this 

# Prefix each message with its facility and level.
destination d_file {
    file("/var/log/messages"
        template("$FACILITY:$PRIORITY $MSG\n")
        template_escape(no));
};

 
 
>>> Jing CDL Sun <sjing at cn.ibm.com> 07/01/08 3:31 AM >>> 

Thank you, Sandor.

I have read the syslog-ng documentation, and only found a FACILITY and
PRIORITY sample in it, such as:
destination hosts { file("/var/log/syslogs/$HOST/$FACILITY" owner(root)
group(root) perm(0600) dir_perm(0700) create_dirs(yes));};

but my purpose is not to log these messages into a file named as FACILITY,
but to include this FACILITY in my log files, for example:
Jun 25 20:53:34 c890f12ec07 local6:warn|warning c890f12ec07 root: sunjing
test 1

"local6:warn" is what I wanted in the log file....could you help?






                                                                       
From: "Geller, Sandor \(IT\)" <Sandor.Geller at morganstanley.com>
Sent by: syslog-ng-bounces@lists.balabit.hu
Date: 2008-06-30 18:11
To: "'Syslog-ng users' and developers' mailing list'" <syslog-ng at lists.balabit.hu>
cc:
Subject: Re: [syslog-ng] logging facility in log file
Please respond to: "Syslog-ng users' and developers' mailing list" <syslog-ng at lists.balabit.hu>
                                                                       
                                                                       




Hi,

> I am using syslog-ng to do remote logging for facility of
> "local6" and priority of "warn", the log server is Linux
> system(SLES10 SP1), it works well with the message content,
> only one problem is the keyword of "local6" is not logged in
> the log file, please see the details below:
> on c890mgrs4(Linux)
> Jun 25 20:53:34 c890f12ec07 root: sunjing test 1
> Jun 25 20:53:38 c890f12ec07 root: sunjing test 2
>
> I did the same thing on AIX log server, while it could log
> the keyword of "local6" in log file:
> on c890mgrs3(AIX)
> Jun 25 20:53:34 c890f12ec07 local6:warn|warning c890f12ec07
> root: sunjing test 1
> Jun 25 20:53:38 c890f12ec07 local6:warn|warning c890f12ec07
> root: sunjing test 2
>
> So I am guessing that I did not enable this facility logging
> in syslog-ng, maybe syslog-ng has a certain configuration
> that could let the "facility" logged in message file, am I
> right? or could you point me to the correct method? I need
> this "facility" information to develop my applications.

There are macros which you could use (FACILITY, PRIORITY).
Simply add a template containing these to the destination
section(s). You should check the reference documentation
about templates and macros.

Regards,

Sandor
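How the FACILITY and PRIORITY macros discussed in this thread get their values, as an added example that is not part of the original messages or syslog-ng's own code: the sender encodes both in the `<PRI>` number at the start of each packet (facility * 8 + severity). The packet is constructed, the function names are hypothetical, and treating everything after the timestamp and host as the message is an assumption.

```python
import re

# Standard syslog facility codes 0-11 and 16-23; codes 12-15 are named
# differently across systems, so this sketch renders them numerically.
FACILITIES = {0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth",
              5: "syslog", 6: "lpr", 7: "news", 8: "uucp", 9: "cron",
              10: "authpriv", 11: "ftp",
              **{16 + n: f"local{n}" for n in range(8)}}
SEVERITIES = ["emerg", "alert", "crit", "err",
              "warning", "notice", "info", "debug"]

PRI_RE = re.compile(r"^<(\d{1,3})>")
DEFAULT_PRI = 13  # user.notice, the RFC 3164 default when no PRI is present


def decode_pri(packet: str):
    """Return (facility, severity, rest) for a raw BSD-syslog packet."""
    m = PRI_RE.match(packet)
    pri, rest = (int(m.group(1)), packet[m.end():]) if m else (DEFAULT_PRI, packet)
    if pri > 191:  # 23 * 8 + 7 is the largest valid value
        raise ValueError(f"PRI {pri} out of range")
    facility, severity = divmod(pri, 8)
    return FACILITIES.get(facility, str(facility)), SEVERITIES[severity], rest


def render(packet: str) -> str:
    """Mimic the thread's template: "$FACILITY:$PRIORITY $MSG\\n"."""
    facility, severity, rest = decode_pri(packet)
    # Strip the "Mmm dd hh:mm:ss host " header so only the message remains.
    msg = re.sub(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d \S+ ", "", rest)
    return f"{facility}:{severity} {msg}\n"


if __name__ == "__main__":
    # Constructed packet: local6 (22) * 8 + warning (4) = 180.
    sample = "<180>Jun 25 20:53:34 c890f12ec07 root: sunjing test 1"
    print(render(sample), end="")
```

Because the PRI value is chosen by the sending host, the facility and level written to the file are only as trustworthy as that sender.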