[syslog-ng] Message Templates and Syslog ID

Nate Campi syslog-ng@lists.balabit.hu
Tue, 15 Feb 2005 21:19:07 -0800


On Mon, Feb 14, 2005 at 07:13:01AM -0800, Rhugga wrote:
> 
> On Solaris, syslogd adds a field containing the syslog message ID and the facility and priority:
> 
> EX:
> Jan 20 22:07:26 back-0202 tldd[3184]: [ID 817171 daemon.notice] Calling the drive_mount_notify
>                                       ^^^^^^^^^^^^^^^^^^^^^^^^^
> 
> This behavior can only be changed by a reboot and Sun also does not recommend setting msgid=0 in
> /kernel/drv/log.conf.
>
> So, using the following template I can come close to normalizing this behavior:
> template("$DATE $HOST $PROGRAM [ID $FACILITY.$LEVEL] $MSG\n")
> 
> The information that is lost is the internal syslog ID and the pid of the sending process. Here is
> a log entry processed thru this template:

There's a macro for the message that doesn't include the program name,
search the archives for what it is (I forget). As for that number after
the ID, it's not the PID of the sending process, it's the message ID, so
go ahead and turn off message IDs if you don't want them. I must say
that I've never turned them off so I don't know what the format is, but
IIRC it'll look more like what you want.

See http://smarden.org/socklog/readme.solaris.html for a good background
on Solaris syslog.
-- 
Nate

"Facts, or what a man believes to be facts, are always delightful. . . . 
Get your facts first, and . . . then you can distort `em as much as you 
please." - quoted in Rudyard Kipling's From Sea to Sea - Samuel Clemens
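
An added example, not part of the original thread or of syslog-ng: a Python parser for the Solaris line format quoted above that keeps the PID and the message ID as separate fields, so neither is lost when lines are normalized. It assumes that a line written with message IDs turned off is the same line without the `[ID ...]` tag; the function names and the second sample line are constructed for illustration.

```python
import re

# Solaris syslogd line as quoted in the thread:
#   <date> <host> <program>[<pid>]: [ID <msgid> <facility>.<level>] <msg>
# "[<pid>]" is optional; the "[ID ...]" tag is assumed absent when msgid=0.
SOLARIS_LINE = re.compile(
    r"^(?P<date>[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2})\s"
    r"(?P<host>\S+)\s"
    r"(?P<program>[^\s\[:]+)(?:\[(?P<pid>\d+)\])?:\s"
    r"(?:\[ID\s(?P<msgid>\d+)\s(?P<facility>[a-z0-9]+)\.(?P<level>[a-z]+)\]\s)?"
    r"(?P<msg>.*)$"
)


def parse_solaris_line(line):
    """Return a dict of fields, or None if the line does not match."""
    m = SOLARIS_LINE.match(line.rstrip("\n"))
    if m is None:
        return None
    fields = m.groupdict()
    # pid and msgid are different numbers; keep both, as integers.
    for key in ("pid", "msgid"):
        if fields[key] is not None:
            fields[key] = int(fields[key])
    return fields


def to_plain(fields):
    """Render the line without the ID tag, keeping program and PID,
    so Solaris lines match lines from hosts that never add the tag."""
    prog = fields["program"]
    if fields["pid"] is not None:
        prog += "[%d]" % fields["pid"]
    return "%s %s %s: %s" % (fields["date"], fields["host"], prog, fields["msg"])


if __name__ == "__main__":
    samples = [
        # Line quoted in the thread.
        "Jan 20 22:07:26 back-0202 tldd[3184]: [ID 817171 daemon.notice] "
        "Calling the drive_mount_notify",
        # Constructed: same line as assumed with message IDs turned off.
        "Jan 20 22:07:26 back-0202 tldd[3184]: Calling the drive_mount_notify",
    ]
    for s in samples:
        f = parse_solaris_line(s)
        print(f["msgid"], f["facility"], f["level"], "|", to_plain(f))
```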