[syslog-ng] file source driver questions

[Michael Hocke]

Hi,

I have an application here that does not use syslog but writes all  
log messages straight into a file. I want to use syslog-ng to pick up  
the entries of that file and send them over to my log repository via  
syslog. I am running 3.0.1 and the config looks as follows:

* Client side (radserver):

source s_accounting { file ("/opt/CSCOar/logs/accounting.log"  
follow_freq (1) program_override ("radius") flags (no-parse)); };
destination d_archive   { udp ("a.b.c.d"); };
log { source (s_accounting); destination (d_archive); };


* Server side (a.b.c.d):

source s_udp { udp (); };
destination d_radius { file ("/usr/local/var/log/remote/$HOST_FROM/ 
accounting.log" template ("$MSGONLY\n")); };
filter f_radius    { host ("radserver") and facility (kern); };
log { source (s_udp); filter (f_radius); destination (d_radius);  
flags (final); };


That works but there are a couple of minor things.

- By default all messages coming from the file source driver are  
tagged with the kern facility. I was not able to find this in the  
documentation but the source code (cfg-grammar.y) revealed that the  
file driver accepts the options "facility()" and "level()" to change  
this behavior.

source s_accounting { file ("/opt/CSCOar/logs/accounting.log"  
follow_freq (1) program_override ("radius") flags (no-parse)
                       facility (local7)); };

fixed that problem.

- Empty lines seem to be ignored and not transmitted. The entries:

"La la
blah blah

Hi There
good-bye"

end up as

"La la
blah blah
Hi There
good-bye"

in my log file on the server side. Is there a way to enable that?

Thanks!

- Michael