[syslog-ng] setting facility/level of source log messages ?
Balazs Scheidler
bazsi at balabit.hu
Tue Mar 10 22:51:16 CET 2009
On Wed, 2009-03-04 at 14:26 +0100, Xavier Lapie wrote:
> On Wed, Mar 04, 2009 at 10:19:55AM +0100, Balazs Scheidler wrote:
> > Hi,
> >
> > Thanks for your contribution, it is really appreciated. However as I
> > said the 3.0 branch already has a less general solution to the same
> > problem. Could you update your patch against 3.0, making the file
> > specific options LogReader specific?
>
> Hi,
>
> I hope this version is ok for your 3.0 branch.
I have added this functionality, but I'm afraid I basically rewrote your
patch completely. Instead of using a separate fake_facility/fake_level
keywords, I used the already existing facility/level options. Also, I
have changed the behaviour slightly which covers your case but also fits
to the syslog-ng model a bit better:
instead of overwrite the facility/level value, the user can specify the
default facility/level values, and it gets used when the message does
not specify one (e.g. no-parse, or a message without a proper fac/level
value)
So from now on, it is possible to do things like:
source aaa { udp(facility(syslog) level(emerg)); };
And if the message does not have a proper syslog header containing the
above values, it'll use the ones specified in the configuration file.
Now as I think of it, it might be better to really use a separate
keyword for this, e.g. default-facility() and default-level()
Any opinions?
The patch in its current form can be found here:
http://git.balabit.hu/?p=bazsi/syslog-ng-3.0.git;a=commit;h=2bddf91e2dc3b1f590f3cff2f735cb6ccd5531a7
Tomorrow's nightly snapshot should contain it.
--
Bazsi
More information about the syslog-ng
mailing list