Redirecting syslog output for certain processes to a particular file

Question

I must admit to being a complete syslog newbie. I haven't touched it until now, but I use its output on a daily basis, like most of us :)

I currently have a problem with the gmetad daemon spamming my /var/log/messages file with messages like the following:

Sep 1 10:09:49 monitor /usr/sbin/gmetad[31752]: RRD_update (/var/lib/ganglia/rrds/Machines/SummaryInfo/example.rrd): illegal attempt to u pdate using time 1314868188 when last update time is 1314868188 (minimum one second step).

I'm not too worried about the error, what I want to do is redirect these particular messages to another log file (e.g /var/log/gmetad.log). The problem is that there doesn't seem to be any way to direct gmetad's logs to a certain place in its config (and documentation for this particular piece of software seems quite sparse). So I was wondering if it was possible to use the "local" facility in syslog to grab these messages and stick them somewhere else to leave /var/log/messages a bit cleaner.

Can anyone help? Does anyone have any examples for the "local" facilities?

Answer 1

Which syslog daemon do you have ? Syslogd ? syslog-ng ? rsyslog ? The syntax is different for each daemon.

for example in rsyslog, you could do something like

local5.* /var/log/gmetad.log 

{you must find application's facility}

otherwise you could do something like

if $msg contains gmetad then /var/log/gmetad.log