[syslog-ng] file() sourcing application logs

[Chris Pratt]

Alan Edmonds wrote:
> We are doing something similar; we use tomcat and apache.
> For apache, something like this (we are using 2.0):
>
> CustomLog "|/usr/bin/logger -p local1.info -t apache-access "
> access-format
>
> Then on syslog-ng I use the "tag" to point it to the right log file.
>
>
> For tomcat, that is tougher;  stack dumps are a curse to syslog.
>
> There is a hook in the Catalina startup scripts to create a named pipe
> for gc.out and tomcat.out.  The it spawns a logger -p local2.info <
> gc.out-named-pipe thingy to send to syslog-ng.
>
> I can send more details if you need them.
> Alan
>
> T-Mobile International UK Limited
> Company Registered Number: 3951860
> Registered Office Address: Hatfield Business Park, Hatfield, Hertfordshire, AL10 9BW
> Registered in England and Wales
>  
> NOTICE AND DISCLAIMER
>  
> This email (including attachments) is confidential. If you are not the intended recipient, notify the sender immediately, delete this email from your system and do not disclose or use for any purpose
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.campin.net/syslog-ng/faq.html
>
>   
Thanks for your response Alan!  I would appreciate any additional
details that you could provide.  I am responsible for setting up the log
server, but not sure about reconfiguring the application pieces so
much.  I took a look at startup.sh and catalina.sh, but am not sure
about the pipe option you mentioned.  Does that keep the wrapping events
as a single event in syslog?  If so it sounds like what I need.  As for
the logger piece, it looks like you can set the facility and priority
along with tagging to get it to the right syslog-ng destination, but do
you still get multi-lines if the message wraps?  I would definitely like
to hear more.  Thanks again.

Chris