Is there a common way of distinguishing between the messages of multiple processes in syslog-ng beside setting different facilities?
+1 if filtering and therefore logging in different files would be possible.
I have a system setup with two running sshd instances. One is running in a chrooted environment. Since syslog is used, all messages end up in the same logfile.
One possibility would be to change the facility of the jailed sshd to something like local0, but I wonder if there is some 'cleaner' way to do this.
Installing other syslog daemon, for example rsyslog is not an option here.
This question is somehow related to:
Best Answer
Change the name of the executable (note that that also affects PAM configuration).
Start as
/path/to/sshd-whatever. And define PAM configuration in/etc/pam.d/sshd-whatever. Log entries will show assshd-whateverinstead ofsshd.