
I'm using syslog-ng and currently my config only separates log files based on IP address and facility:

source s_network_udp {
  syslog(transport(udp) port(514));
};

destination d_local {
  file("/var/log/${HOST}/${FACILITY}.log" create_dirs(yes));
};

log {
  source(s_network_udp);
  destination(d_local);
};

This gives me this:

./0.0.0.1/daemon.log
./0.0.0.1/user.log
./0.0.0.1/kern.log
./0.0.0.2/daemon.log
./0.0.0.2/user.log
./0.0.0.2/kern.log
./0.0.0.3/daemon.log
./0.0.0.3/user.log
./0.0.0.3/kern.log
./0.0.0.4/daemon.log
./0.0.0.4/user.log
./0.0.0.4/kern.log

The daemon.log files have lines like this:

Sep  2 23:19:33 hostname systemd-resolved[1290]: etc
Sep  2 23:20:01 hostname CRON[2342925]: etc
Sep  2 23:20:01 hostname CRON[2342924]: etc2

Is there a way to have syslog-ng make a file for every process[1]: instead of just daemon, user, kern?
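
One way to split by program name, added here as an example and not part of the original question: syslog-ng's `${PROGRAM}` macro holds the sending program's name without the `[pid]` part, so it can be used in the file name template. Because the source is network UDP and `${PROGRAM}` is supplied by the sender, the rewrite rule restricts it to a conservative character set before it reaches the path; the names `r_safe_program` and `d_per_program` are chosen for this example.

```conf
# Added example; r_safe_program and d_per_program are names chosen here.
source s_network_udp {
  syslog(transport(udp) port(514));
};

# ${PROGRAM} is set by the sender, so replace every character outside
# a conservative set before the value becomes part of a file name.
rewrite r_safe_program {
  subst("[^A-Za-z0-9_.-]", "_", value("PROGRAM"), flags("global"));
};

destination d_per_program {
  # ${PROGRAM:-unknown} falls back to "unknown" when a message
  # carries no program name.
  file("/var/log/${HOST}/${PROGRAM:-unknown}.log" create_dirs(yes));
};

log {
  source(s_network_udp);
  rewrite(r_safe_program);
  destination(d_per_program);
};
```

With the sample lines above, this writes `systemd-resolved.log` and `CRON.log` under each host directory. Every distinct program name a sender reports creates another file, so watch the file count and disk usage under `/var/log` on a listener that accepts UDP from the network.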
