Subject: Preserving syslogd formatting - msg#00063
List: syslog-ng
Howdy, I'm using syslog-ng for the first time. I have several scripts that
break because the output from the log files created by syslog-ng does not
have the hostname bracketed as it does in syslogd. Is there any option to
emulate the syslogd formatting?
Example:
syslog-ng Oct 3 06:29:13 10.11.27.1/10.11.27.1 1164:
syslogd Oct 1 22:48:41 [10.11.27.1.218.94] 2354:
_______________________________________________
syslog-ng maillist - syslog-ng@xxxxxxxxxxxxxxxx
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
Previous Message by Date:
UDP Template
Hi,
I would like to do log relaying, using syslog-ng.
But I need to change the log format.
The problem is that the "template" directive is not available for the udp
destination (even for the tcp destination).
Could you suggest a workaround for that?
Thanks in advance.
- gian
P.S. I've thought of a workaround, but it doesn't work well.
Since the "template" directive is available for pipes, I've used a pipe
destination to send the logs.
Then I'm using the same pipe as a source, and I'm relaying the logs from it
to another log server.
But syslog-ng thinks that the logs are coming from the server, and I get the
following (i.e., it uses the standard log format after the pipe):
Message Before the pipe
--------------------
[X.Y.Z.K] ufs: [ID 213553 kern.notice] NOTICE: realloccg /u00: file system full
Message After the pipe
---------------------
Sep 25 18:12:11 Figth_cluB_01 [X.Y.Z.K] ufs: [ID 213553 kern.notice] NOTICE:
realloccg /u00: file system full
I'm using this configuration:
# CONF #############################################
source s_net {
    udp();
};
source s_pipe_per_NI {
    pipe(/var/chroot/syslog-ng/dev/pipe_per_NI);
};
destination relay_to_NI {
    udp("A.B.C.D"
    );
};
destination d_pipe_per_NI {
    pipe("/dev/pipe_per_NI"
        template("[$HOST] $MSG\n")
    );
};
log {
    source(s_net);
    destination(d_pipe_per_NI);
    # Here, I can apply the template
};
log {
    source(s_pipe_per_NI);
    destination(relay_to_NI);
    # Here, syslog-ng applies the standard log format :(
};
# END CONF #############################################
_____
Ing. Gianpiero Porchia
Security Engineer
ATS - Advanced Telecom Systems
Designing, Testing, Managing Network Quality
Via Salgari, 17 - 41100 Modena - ITALY
Tel +39 059 821332
Fax +39 059 821492
Cel +39 335 330413
E-mail: gianpiero.porchia@xxxxxxxxx
messenger.msn.com: http://messenger.msn.com/, gianpiero.porchia@xxxxxxxxx
Web site: http://www.atsweb.it
PGP Key ID: 0xCAE064A4 (pgpkeys.mit.edu:11371)
Fingerprint: 080D AD88 C18A FCA3 91BC 0DF2 F05F 7489 CAE0 64A4
Next Message by Date:
syslog-ng filename expansion - 1.6.0rc3
Hi,
I've tried in vain to get underscores in the filename expansion but all
I get is the last variable.
For example:
destination hosts {
file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/$FACILITY-$YEAR-$MONTH-$DAY"
owner(root) group(nms) perm(0640) dir_perm(0750) create_dirs(yes) );
};
Works but changing the "-" with "_" leaves me with files named "$DAY"
rather than the whole string.
Using "." works ok but it is real messy when you need fqdn.
thx
jbd
--
James Davis
Lead Systems Administrator
Douglas County Government
Information Technology Department
100 Third Street, Castle Rock CO 80104 USA
cell 303.994.8881
fax 303.688.6908
direct 303.663.7654
http://www.douglas.co.us/
mailto:jdavis@xxxxxxxxxxxxx
Next Message by Thread:
Re: Preserving syslogd formatting
On Fri, Oct 03, 2003 at 10:25:59AM -0400, Kenneth Gray wrote:
> Howdy, I'm using syslog-ng for the first time. I have several scripts that
> break because the output from the log files created by syslog-ng does not
> have the hostname bracketed as it does in syslogd. Is there any option to
> emulate the syslogd formatting?
>
> Example:
>
> syslog-ng Oct 3 06:29:13 10.11.27.1/10.11.27.1 1164:
> syslogd Oct 1 22:48:41 [10.11.27.1.218.94] 2354:
You can do this by specifying a template.
--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
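
The template approach from the reply above, written out as an added example (not part of the original thread and not the syslog-ng project's own configuration). The names d_bracketed and s_net and the path /var/log/remote.log are placeholders; $DATE, $HOST and $MSG are syslog-ng template macros.

```conf
# Added example: write remote messages with the host in square brackets so
# scripts written against the bracketed syslogd layout keep matching.

options {
    # The "10.11.27.1/10.11.27.1" form in the question is a chained
    # hostname; with chaining off a single host name is recorded.
    chain_hostnames(no);
};

source s_net {
    udp();
};

# Same fields as the usual file output (timestamp, host, message); the only
# change is the brackets around the host.
# template_escape(no) keeps quote characters in messages from being
# backslash-escaped in the output file.
destination d_bracketed {
    file("/var/log/remote.log"
        template("$DATE [$HOST] $MSG\n")
        template_escape(no)
    );
};

log {
    source(s_net);
    destination(d_bracketed);
};
```

Output lines then take the form "Oct 3 06:29:13 [10.11.27.1] 1164: ...", which is what the bracket-matching scripts should be checked against before switching over.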