I'm using syslog-ng and currently my config only separates log files based on IP address and facility:
source s_network_udp {
    syslog(transport(udp) port(514));
};
destination d_local {
    file("/var/log/${HOST}/${FACILITY}.log" create_dirs(yes));
};
log {
    source(s_network_udp);
    destination(d_local);
};
This gives me this:
./0.0.0.1/daemon.log
./0.0.0.1/user.log
./0.0.0.1/kern.log
./0.0.0.2/daemon.log
./0.0.0.2/user.log
./0.0.0.2/kern.log
./0.0.0.3/daemon.log
./0.0.0.3/user.log
./0.0.0.3/kern.log
./0.0.0.4/daemon.log
./0.0.0.4/user.log
./0.0.0.4/kern.log
The daemon.log files have lines like this:
Sep 2 23:19:33 hostname systemd-resolved[1290]: etc
Sep 2 23:20:01 hostname CRON[2342925]: etc
Sep 2 23:20:01 hostname CRON[2342924]: etc2
Is there a way to have syslog-ng make a file for every process[1]: instead of just daemon, user, kern?