My name is Krishna. Below is my requirement.
There are some applications (approximately 20) running in the system that generate event logs. My syslog-ng based syslog client should monitor all the events generated by all applications and forward them to the syslog server as per the configuration mentioned in /etc/syslog-ng/syslog-ng.conf. I am using Kiwi Syslog Server from SolarWinds as the server. I referred to the syslog-ng documentation and found that having "default-facility()" and "default-priority()" in the source definition is best suited to my requirement. I create different files in the system. I save event logs from different applications to different files. I configure those files as sources, so that the event logs coming into the files get monitored by the syslog-ng daemon and get forwarded to the syslog server based on the destination rule mentioned in /etc/syslog-ng/syslog-ng.conf.
Applications that are running in the system can log events of any severity. As per the standard, there are 8 different severities (Emergency - 0, Alert - 1, Critical - 2, Error - 3, Warning - 4, Notice - 5, Info - 6, Debug - 7). For one application, to handle the logs of different severities, 8 different files can be created and mentioned in 8 'source' rules. In this way, event logs with different severities can be saved into different files and monitored and forwarded to the syslog server by syslog-ng.
So, for my requirement to have 20 applications running in the system and to support syslog functionality for all the applications, I need to create 160 (20 * 8) different files to handle event logs of different severities from different applications. I feel this is not an efficient way.
I request your suggestions on handling the priority information (which can be calculated from the facility and severity of the log message) efficiently for my requirement.
Thanks so much in advance.
With best regards,
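An added example, not the poster's configuration (which is not shown in the message), of the source shape the post describes with default-facility()/default-priority() on file() sources. It relies on one documented behaviour of the file() source: a line that begins with a standard syslog <PRI> header is parsed, and its facility and severity are taken from that header; the default-*() options only fill in values for lines that carry no header. So one file per application is enough if the application writes PRI = facility * 8 + severity into the line itself, instead of one file per severity. The @version line, file paths, facility names, sample lines, and the Kiwi server address and port are all assumptions chosen for illustration.

```conf
@version: 3.8

# Added example, not from the original post. Paths, facilities, server
# address, port and the sample lines below are assumptions.

# Lines the applications would write to their own file (constructed for
# this example). A <PRI> header carries facility and severity, so one file
# per application covers all 8 severities:
#   <131>Jun  1 10:00:00 host app1[1201]: disk write failed   -> local0.err  (16*8+3)
#   <134>Jun  1 10:00:01 host app1[1201]: request served      -> local0.info (16*8+6)
#   starting up                                               -> no header: defaults apply

source s_app1 {
    file("/var/log/app1.log"
         follow-freq(1)              # poll the file once per second
         default-facility(local0)    # used only when a line has no <PRI>
         default-priority(info));    # used only when a line has no <PRI>
};

source s_app2 {
    file("/var/log/app2.log"
         follow-freq(1)
         default-facility(local1)
         default-priority(info));
};

# Kiwi Syslog Server; address and transport are assumptions.
destination d_kiwi {
    network("192.0.2.10" transport("udp") port(514));
};

# Optional: forward only error and above to the server.
filter f_err_and_above { level(err..emerg); };

log {
    source(s_app1);
    source(s_app2);
    filter(f_err_and_above);
    destination(d_kiwi);
};
```

With this layout the per-application facility comes from default-facility() when the application does not set it, the severity comes from the <PRI> header the application writes, and the number of files scales with the number of applications rather than applications times severities. Drop the filter() line from the log statement to forward every severity.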