Hi,
BoOnSiOnG wrote:
Hi,
my current config,
source s_tomcat_catalina {
file("/srv/tomcat/logs/catalina.out"
default-facility(local3) default-priority(info));
};
In this case, syslog-ng will try to parse every line as a BSD style message
from this file (but they aren't).
Use the flags(no-parse) option:
source s_tomcat_catalina {
file("/srv/tomcat/logs/catalina.out" flags(no-parse)
default-facility(local3) default-priority(info));
};
destination df_local3.info {
file("/var/log/apache2/tomcat_catalina_log", template("$MESSAGE\n"));
};
original log
Mar 30, 2010 3:26:26 AM org.apache.jk.common.ChannelSocket init
INFO: JK: ajp13 listening on /0.0.0.0:8009
Mar 30, 2010 3:26:26 AM org.apache.jk.server.JkMain start
INFO: Jk running ID=0 time=0/15 config=null
Mar 30, 2010 3:26:26 AM org.apache.catalina.startup.Catalina start
INFO: Server startup in 439 ms
the output for tomcat_catalina_out
30, 2010 3:26:26 AM org.apache.jk.common.ChannelSocket init
JK: ajp13 listening on /0.0.0.0:8009
30, 2010 3:26:26 AM org.apache.jk.server.JkMain start
Jk running ID=0 time=0/15 config=null
30, 2010 3:26:26 AM org.apache.catalina.startup.Catalina start
Server startup in 439 ms
Some part of the message was missing, any idea why?
Thanks again.
On Tue, Mar 30, 2010 at 2:58 PM, Alan McKinnon <Alan.McKinnon@is.co.za>
wrote:
Use a template and $MESSAGE in the destination.
destination d_tomcat_catalina {
file("/path/to/destination/file",
template("$MESSAGE\n") );
};
On Tuesday 30 March 2010 08:52:33 BoOnSiOnG wrote:
Hello all,
Good day, I have configure syslog-ng to checks catalina.out every
second, but syslog-ng will append date time and machine name to the
log, I would like to know is it possible to configure syslog-ng do not
alter the original log?
my config,
source s_tomcat_catalina {
file("/srv/tomcat/logs/catalina.out"
default-facility(local3)
default-priority(info)); };
log output,
Mar 29 21:43:38 forward Mar: 29, 2010 9:43:37 PM
org.apache.coyote.http11.Http11Protocol start
Mar 29 21:43:38 forward INFO: Starting Coyote HTTP/1.1 on http-8080
Mar 29 21:43:38 forward Mar: 29, 2010 9:43:37 PM
org.apache.jk.common.ChannelSocket init
Mar 29 21:43:38 forward INFO: JK: ajp13 listening on /0.0.0.0:8009
Mar 29 21:43:38 forward Mar: 29, 2010 9:43:37 PM
org.apache.jk.server.JkMain start
Mar 29 21:43:38 forward INFO: Jk running ID=0 time=0/14 config=null
Mar 29 21:43:38 forward Mar: 29, 2010 9:43:37 PM
org.apache.catalina.startup.Catalina start
Mar 29 21:43:38 forward INFO: Server startup in 428 ms
Thanks. :)
___________________________________________________________________________
___ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation:
http://www.balabit.com/support/documentation/?product=syslog-ng FAQ:
http://www.campin.net/syslog-ng/faq.html
--
Alan McKinnon
Systems Engineer^W Technician
Infrastructure Services
Internet Solutions
+27 11 575 7585
Please note: This email and its content are subject to the disclaimer as
displayed at the following link
http://www.is.co.za/legal/E-mail+Confidentiality+Notice+and+Disclaimer.htm.
Should you not have Web access, send a mail to disclaimers@is.co.za and a
copy will be emailed to you.
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation:
http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.campin.net/syslog-ng/faq.html
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation:
http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.campin.net/syslog-ng/faq.html
--
pzolee