Adding a new facility to syslog

Question

The docs give a fixed list of facilties for syslog, but it's clearly possible to have more (http isn't on the list). Do I just describe it in the conf file and start using it or is is more involved? (It's an ecommerce system and I want to log the payment activities better.)

score 4 · Answer 1 · edited Oct 07 '21 at 06:47

4

The syslog protocol only allows the predefined facilities defined in RFC 3164. Most (if not all) syslog daemons will process messages with different facility identifiers as corrupt.

But you can easily use the facilities local0 through local7 for your custom logging needs, which is what they are there for.

edited Oct 07 '21 at 06:47

Community

1

answered Oct 22 '11 at 14:59

joschi

21,665

How does Apache do it? – Michael Lorton Oct 22 '11 at 15:01
3

It doesn't. Apache httpd either writes its own log files (not using the system's syslogd) or uses the configured facility (see documentation on ErrorLog: http://httpd.apache.org/docs/current/mod/core.html#errorlog) – joschi Oct 22 '11 at 15:44

score 1 · Answer 2 · answered Oct 22 '11 at 15:30

1

AFAIK, you cannot. You probably want to take a look at the filter function of rsyslog or syslog-ng.

answered Oct 22 '11 at 15:30

quanta

51,798

score 0 · Answer 3 · answered Oct 26 '11 at 16:26

0

You can use a filter function in the aforementioned tools. You can also use a syslog manager such as LogZilla to filter search and graph results based on facility.

answered Oct 26 '11 at 16:26

Bobby Simpson

1

Adding a new facility to syslog

3 Answers3