# can't change the destination socket with logger?



## id (Nov 29, 2011)

Linux and older versions of FreeBSD logger could log to a socket other than /var/run/log with a commandline switch. Is there a way to get logger to do it or any alternatives?

Thanks,
-id


----------



## DutchDaemon (Nov 30, 2011)

Look into the *-l* flag of syslogd(8). You can define an additional log socket wherever you like in rc.conf(5), use an unused facility like local7 in syslog.conf(5) to point logging to that socket, and tell logger to log to the local7 facility using the *-p* flag.

Just an example:
rc.conf

```
syslogd_flags="-s -cc -l /tmp/socket"
```
syslog.conf

```
local7.*					/tmp/socket
```


```
# sockstat | grep /tmp/socket                                                                                                              
root     syslogd    27452 6  dgram  /tmp/socket
```

[cmd=]logger -p local7.info "something"[/cmd]

I'm not quite sure whether this works or not; can sockets be defined and written to like this in syslog.conf? A char device like /dev/console can be used, so maybe a socket will work here as well. The socket is not being overwritten by this logger command anyway. In other words, it doesn't suddenly turn into a file called /tmp/socket containing the line 
	
	



```
something
```

Try, I guess.


----------



## id (Nov 30, 2011)

*The issue is logger, not syslog*

I'm using logger inside httpd.conf to push logs to a socket in a jail, and reading that socket via syslog-ng from the parent OS.

ie: 

```
ErrorLog "|/usr/bin/logger -t 'jail_apache'  -u /var/log/apache_log.socket"
```

which I cannot do since logger doesn't support sending data to an alternate socket.

Cheers,
-id


----------



## DutchDaemon (Dec 1, 2011)

So what happens if you let it push logging to the alternate socket via the method I proposed, instead of writing to it _directly_? In other words: tell logger to talk to syslogd, and let syslogd handle the socket.


----------



## id (Dec 2, 2011)

*Worked*

Thanks DutchDaemon, I misread your post the first time through, your method did work. I was also able to do it via tagging the packet with a unique string and letting syslog-ng's regex matching just sort them out for me. I ended up going with tagging since my goal was to not run syslogd in the jail.

Cheers,
-id


----------

