[syslog-ng] Rewrite facility names of remote logs

Steve Smith ssmith at xpressdocs.com
Fri Mar 25 15:44:17 CET 2011


I've setup Syslog-NG to receive logs from other servers which have been configured as follows -
Tomcat servers are forwarding logs as facility6 to rsyslog, which then forwards to central log server.
Apache servers are forwarding logs as faility5 to rsyslog which then forwards to central log server.

When I receive these logs on the central log server, they are written to files as their facility name, i.e. local6.$DAY.
Is there a way to change or re-write the facility name on the fly so that instead of local6.$DAY I can get the file written as tomcat.$DAY?

Here is the configuration I'm using to store the logs -

destination d_net {
    file("/var/log/hosts/$YEAR/$MONTH/$HOST/$FACILITY.$DAY"
        owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)
    );
};

log {
    source(s_net);
    destination(d_net);
};
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20110325/a2eae5ea/attachment.htm 


More information about the syslog-ng mailing list