[syslog-ng]syslog-ng 1.5.3 released

Andrew Fort afort@staff.webcentral.com.au
Fri, 19 Jan 2001 23:41:24 +1000 

> Hi,
> 
> syslog-ng 1.5.3 released which adds support for user 
> definable log file
> formats. Here's how to use it:
> 
> destination my_file { 
> 	file("/var/log/messages" template("$ISODATE $TAG 
> $FULLHOST $MESSAGE")); 
> };
> 
> Documentation is not updated, for a list of available macros check out
> affile.c, expand_macros() function. I'd appreciate some 
> testing, because I
> won't have too much time to do it myself.

Here's a list of the macros and an example of their output, in the following
format

$MACRO_NAME
description/type
example


$FACILITY
syslog facility name
daemon

$PRIORITY
the syslog priority name
debug

$LEVEL ; same output as $PRIORITY

$TAG
Hex representaiton of the 32-bit priority/facility pair (see
/usr/include/sys/syslog.h)
1f

(1f is the output for "daemon/debug" as above)

$DATE
The local system time
Jan 19 23:27:21

$FULLDATE
Same as $DATE but with %Y appended,
2001 Jan 19 23:27:21

$ISODATE
ISO-standard format date (strftime format "%Y-%m-%dT%H:%M:%S%z")
2001-01-19T23:27:21+1000

$YEAR
4-digit year string
2001

$MONTH
2-digit month string
01

$DAY
2-digit day string
19

$HOUR
2-digit hour string
23

$MIN
2-digit minutes string
27

$SEC
2-digit seconds string
21

$HOST
host string; not sure how to decode this function, in my example it's the
same as fullhost (?)
avrio

$FULLHOST
"full hostname" (msg->host->data)
avrio

$PROGRAM
If syslog-ng has pulled a 'program name' out of the message, this will
return that
qpage

$MSG || $MESSAGE
The full syslog message
qpage[9366]: processing the page queue

Balazs forgot one thing - you'll also need to include a "\n" at the end of
your template directive if you want to make your output readable :)

e.g.

 destination my_file { 
 	file("/var/log/messages" template("$ISODATE $TAG $FULLHOST
$MESSAGE\n")); 
 };

Balazs, my test config was:

destination d_format_test { file("/var/log/test" template("$FACILITY
$PRIORITY $LEVEL $TAG $DATE $FULLDATE $ISODATE $YEAR $MONTH $DAY $HOUR $MIN
$SEC $HOST $FULLHOST $PROGRAM $MSG\n")); };

log { source(s_sys); filter(DEFAULT); destination(d_format_test); };

the output used in the examples above is

daemon debug debug 1f Jan 19 23:27:21 2001 Jan 19 23:27:21
2001-01-19T23:27:21+1000 2001 01 19 23 27 21 avrio avrio qpage qpage[9366]:
processing the page queue

seems to work okay with the \n.

Thanks Balazs, now I can use the clock on my ciscos for the log messages,
again!

-afort