<div dir="ltr">ah!!! where do i download 3.5 OpenSource? could you please point me out.. also in my case i am using UDP port for source so my syntex would be like following? right?<br><br>source s_tomcat {<br> syslog( transport("udp") multi-line-mode(indented));<br>
};<br></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Thu, Jul 11, 2013 at 12:40 PM, Balazs Scheidler <span dir="ltr"><<a href="mailto:bazsi77@gmail.com" target="_blank">bazsi77@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><p dir="ltr">My gosh, I incorrectly remembered a number of vital details, sorry for that.</p>
<p dir="ltr">The syntax has been changed from the flags format, it's like this:</p>
<p dir="ltr">file('tomcat.log' multi-line-mode(indented));<br></p>
<p dir="ltr">I have actually tried this one, however I have one other bad news, this feature missed 3.4 so it's only available in the 3.5 branch. IIRC Algernon already published 3.5 binaries for Debian/Ubuntu distros.</p>
<div class="HOEnZb"><div class="h5">
<div class="gmail_quote">On Jul 11, 2013 4:22 PM, "Satish Patel" <<a href="mailto:satish.txt@gmail.com" target="_blank">satish.txt@gmail.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr"><div>This is my source declaration and i have put flags which you have mentioned. <br><br>source s_tomcat {<br> syslog( transport("udp") flags(indent-multi-line));<br>};<br><br></div>I got following error when i am trying to put flags<br>
<br>Error parsing afsocket, Unknown flag indent-multi-line in /usr/local/syslog-ng-3.4.2/etc/syslog-ng.conf at line 54, column 33:<br><br> syslog( transport("udp") flags(indent-multi-line) );<br> ^^^^^^^^^^^^^^^^^<br>
<br><div><br></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Thu, Jul 11, 2013 at 7:53 AM, Balazs Scheidler <span dir="ltr"><<a href="mailto:bazsi@balabit.hu" target="_blank">bazsi@balabit.hu</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br>
I can't see the source declaration, it must be something along the lines<br>
of:<br>
<br>
source s_tomcat {<br>
file("/var/log/tomcat/xxx.log" flags(indent-multi-line));<br>
};<br>
<div><div><br>
On Wed, 2013-07-10 at 12:54 -0400, Satish Patel wrote:<br>
> Hi Balazs,<br>
><br>
><br>
> what is your thought about my config? did you see?<br>
><br>
><br>
><br>
> On Mon, Jul 8, 2013 at 12:30 PM, Satish Patel <<a href="mailto:satish.txt@gmail.com" target="_blank">satish.txt@gmail.com</a>><br>
> wrote:<br>
> This is what i have configured and no luck with it.. can you<br>
> suggest what i am missing?<br>
><br>
> destination d02_tc74_log<br>
> { file("/logs/server1/tomcat7.4/catalina_$YEAR$MONTH$DAY.log"<br>
> template("$(indent-multi-line ${MESSAGE})\n")<br>
> template(t_tomcatlog) owner("root") group("root") perm(0644)<br>
> dir_perm(0755) create_dirs(yes)); };<br>
> filter server1 { host("<a href="http://server1.example.com" target="_blank">server1.example.com</a>") };<br>
> log {<br>
> source (s_tomcat);<br>
> filter (server1);<br>
> filter (tomcat7_4);<br>
> destination (d02_tc74_log);<br>
> };<br>
><br>
><br>
><br>
><br>
> On Mon, Jul 8, 2013 at 12:08 PM, Satish Patel<br>
> <<a href="mailto:satish.txt@gmail.com" target="_blank">satish.txt@gmail.com</a>> wrote:<br>
> How do i use indented-multi-line ? I meant where do i<br>
> configure it? I tried but my syslog-ng doesn't<br>
> recognizing this option i have syslog-ng 3.3.7 could<br>
> you give me example where and how do i check whether<br>
> it is supported or not<br>
><br>
><br>
><br>
> On Sat, Jul 6, 2013 at 2:12 AM, Balazs Scheidler<br>
> <<a href="mailto:bazsi77@gmail.com" target="_blank">bazsi77@gmail.com</a>> wrote:<br>
> This looks.like the format that should be<br>
> supported by indented-multi-line<br>
><br>
> On Jul 5, 2013 9:33 PM, "Satish Patel"<br>
> <<a href="mailto:satish.txt@gmail.com" target="_blank">satish.txt@gmail.com</a>> wrote:<br>
> Here is my tomcat catalina.out log<br>
> file sample. See there is a tab space<br>
> in logs<br>
><br>
> 2013-06-27 05:30:00,065<br>
> [EDISN-Scheduler_Worker-2] ERROR<br>
> com.example.edisn.sftp.SftpSession -<br>
> Exception attempting to work with an<br>
> SFTP Session: connection is closed by<br>
> foreign host<br>
> 2013-06-27 05:30:00,066<br>
> [EDISN-Scheduler_Worker-2] ERROR<br>
> org.quartz.core.JobRunShell - Job<br>
> EDISN.CTMS_Upload threw an unhandled<br>
> Exception:<br>
> com.example.edisn.EdisnRuntimeException: Exception attempting to work with an SFTP Session: connection is closed by foreign host<br>
> at<br>
> com.example.edisn.sftp.SftpSession.doSession(SftpSession.java:64)<br>
> at<br>
> com.example.edisn.EdisnSession.exec(EdisnSession.java:13)<br>
> at<br>
> com.example.ctms.CtmsScheduledJob.executeInternal(CtmsScheduledJob.java:27)<br>
> at<br>
> org.springframework.scheduling.quartz.QuartzJobBean.execute(QuartzJobBean.java:86)<br>
> at<br>
> org.quartz.core.JobRunShell.run(JobRunShell.java:202)<br>
> at<br>
> org.quartz.simpl.SimpleThreadPool<br>
> $WorkerThread.run(SimpleThreadPool.java:525)<br>
> Caused by:<br>
> com.jcraft.jsch.JSchException:<br>
> connection is closed by foreign host<br>
> at<br>
> com.jcraft.jsch.Session.connect(Unknown Source)<br>
> at<br>
> com.jcraft.jsch.Session.connect(Unknown Source)<br>
> at<br>
> com.example.edisn.sftp.SftpSession.doSession(SftpSession.java:45)<br>
> ... 5 more<br>
><br>
><br>
><br>
><br>
> On Fri, Jul 5, 2013 at 3:27 PM, Balazs<br>
> Scheidler <<a href="mailto:bazsi77@gmail.com" target="_blank">bazsi77@gmail.com</a>> wrote:<br>
> No, I implemented a different<br>
> multiline style support first<br>
> (that is not in pe), where<br>
> continuation lines are<br>
> indicated by indentation, like<br>
> mime.<br>
><br>
> Iirc tomcat has this kind of<br>
> log file. Can you show a<br>
> sample log entry?<br>
><br>
> The infrastructure for<br>
> multiline-prefix is also there<br>
> but not added yet.<br>
><br>
> Let me see the sample, I'll<br>
> tell if the current solution<br>
> works or not.<br>
><br>
> On Jul 5, 2013 8:24 PM,<br>
> "Satish Patel"<br>
> <<a href="mailto:satish.txt@gmail.com" target="_blank">satish.txt@gmail.com</a>> wrote:<br>
> Thanks for reply<br>
> Balazs,<br>
><br>
><br>
> You mean say this<br>
> feature is available<br>
> in Open Source Edition<br>
> (OSE) 3.4? Once after<br>
> specifying flag<br>
> "indented-multi-line"<br>
> i can use<br>
> multi-line-prefix?<br>
><br>
><br>
><br>
> On Fri, Jul 5, 2013 at<br>
> 1:26 PM, Balazs<br>
> Scheidler<br>
> <<a href="mailto:bazsi77@gmail.com" target="_blank">bazsi77@gmail.com</a>><br>
> wrote:<br>
> You have found<br>
> the PE<br>
> documentation<br>
> but I have<br>
> already ported<br>
> this to the<br>
> OSE tree and<br>
> has been<br>
> released as<br>
> part of 3.4.<br>
><br>
> You have to<br>
> specify<br>
> indented-multi-line as a flag to the file source.<br>
><br>
> On Jul 5, 2013<br>
> 6:28 PM,<br>
> "Satish Patel"<br>
> <<a href="mailto:satish.txt@gmail.com" target="_blank">satish.txt@gmail.com</a>> wrote:<br>
><br>
> We<br>
> have<br>
> tomcat<br>
> shop<br>
> and at<br>
> everyone know tomcat has a java call trace in logs with tab space but syslog-ng doesn't know about it and printing lines as a new line. I have read here syslog-ng 3.x does support multi-line logs <a href="http://www.balabit.com/sites/default/files/documents/syslog-ng-pe-4.0-guides/en/syslog-ng-pe-v4.0-guide-admin-en/html/reference_source_syslog.html" target="_blank">http://www.balabit.com/sites/default/files/documents/syslog-ng-pe-4.0-guides/en/syslog-ng-pe-v4.0-guide-admin-en/html/reference_source_syslog.html</a><br>
><br>
><br>
> But<br>
> does<br>
> this<br>
> feature available in Open Source syslog-ng? If yes then why its not working for me?<br>
><br>
><br>
><br>
> ______________________________________________________________________________<br>
> Member<br>
> info:<br>
> <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
> Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
> FAQ:<br>
> <a href="http://www.balabit.com/wiki/syslog-ng-faq" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
><br>
><br>
><br>
> ______________________________________________________________________________<br>
> Member info:<br>
> <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
> Documentation:<br>
> <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
> FAQ:<br>
> <a href="http://www.balabit.com/wiki/syslog-ng-faq" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
><br>
><br>
><br>
><br>
><br>
> ______________________________________________________________________________<br>
> Member info:<br>
> <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
> Documentation:<br>
> <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
> FAQ:<br>
> <a href="http://www.balabit.com/wiki/syslog-ng-faq" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
><br>
><br>
><br>
> ______________________________________________________________________________<br>
> Member info:<br>
> <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
> Documentation:<br>
> <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
> FAQ:<br>
> <a href="http://www.balabit.com/wiki/syslog-ng-faq" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
><br>
><br>
><br>
><br>
><br>
> ______________________________________________________________________________<br>
> Member info:<br>
> <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
> Documentation:<br>
> <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
> FAQ:<br>
> <a href="http://www.balabit.com/wiki/syslog-ng-faq" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
><br>
><br>
><br>
> ______________________________________________________________________________<br>
> Member info:<br>
> <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
> Documentation:<br>
> <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
> FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> ______________________________________________________________________________<br>
> Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
> Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
> FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
><br>
<br>
<br>
<br>
______________________________________________________________________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
<br>
</div></div></blockquote></div><br></div>
<br>______________________________________________________________________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
<br>
<br></blockquote></div>
</div></div><br>______________________________________________________________________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
<br>
<br></blockquote></div><br></div>