[syslog-ng] Rewrite facility names of remote logs

Martin Holste mcholste at gmail.com
Fri Mar 25 18:22:02 CET 2011


Is "tomcat" the $PROGRAM or the $FACILITY name?  I would think it
would be $PROGRAM like "ssh" or "apache."

On Fri, Mar 25, 2011 at 9:44 AM, Steve Smith <ssmith at xpressdocs.com> wrote:
> I’ve set up Syslog-NG to receive logs from other servers which have been
> configured as follows -
> Tomcat servers are forwarding logs as facility6 to rsyslog, which then
> forwards to central log server.
> Apache servers are forwarding logs as facility5 to rsyslog, which then
> forwards to central log server.
>
> When I receive these logs on the central log server, they are written to
> files as their facility name, i.e. local6.$DAY.
> Is there a way to change or re-write the facility name on the fly so that
> instead of local6.$DAY I can get the file written as tomcat.$DAY?
>
> Here is the configuration I’m using to store the logs -
>
> destination d_net {
>     file("/var/log/hosts/$YEAR/$MONTH/$HOST/$FACILITY.$DAY"
>         owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)
>     );
> };
>
> log {
>     source(s_net);
>     destination(d_net);
> };
>

