ah!!! where do i download 3.5 OpenSource? could you please point me out.. also in my case i am using UDP port for source so my syntex would be like following? right? source s_tomcat { syslog( transport("udp") multi-line-mode(indented)); }; On Thu, Jul 11, 2013 at 12:40 PM, Balazs Scheidler <bazsi77@gmail.com>wrote:
My gosh, I incorrectly remembered a number of vital details, sorry for that.
The syntax has been changed from the flags format, it's like this:
file('tomcat.log' multi-line-mode(indented));
I have actually tried this one, however I have one other bad news, this feature missed 3.4 so it's only available in the 3.5 branch. IIRC Algernon already published 3.5 binaries for Debian/Ubuntu distros. On Jul 11, 2013 4:22 PM, "Satish Patel" <satish.txt@gmail.com> wrote:
This is my source declaration and i have put flags which you have mentioned.
source s_tomcat { syslog( transport("udp") flags(indent-multi-line)); };
I got following error when i am trying to put flags
Error parsing afsocket, Unknown flag indent-multi-line in /usr/local/syslog-ng-3.4.2/etc/syslog-ng.conf at line 54, column 33:
syslog( transport("udp") flags(indent-multi-line) ); ^^^^^^^^^^^^^^^^^
On Thu, Jul 11, 2013 at 7:53 AM, Balazs Scheidler <bazsi@balabit.hu>wrote:
I can't see the source declaration, it must be something along the lines of:
source s_tomcat { file("/var/log/tomcat/xxx.log" flags(indent-multi-line)); };
On Wed, 2013-07-10 at 12:54 -0400, Satish Patel wrote:
Hi Balazs,
what is your thought about my config? did you see?
On Mon, Jul 8, 2013 at 12:30 PM, Satish Patel <satish.txt@gmail.com> wrote: This is what i have configured and no luck with it.. can you suggest what i am missing?
destination d02_tc74_log { file("/logs/server1/tomcat7.4/catalina_$YEAR$MONTH$DAY.log" template("$(indent-multi-line ${MESSAGE})\n") template(t_tomcatlog) owner("root") group("root") perm(0644) dir_perm(0755) create_dirs(yes)); }; filter server1 { host("server1.example.com") }; log { source (s_tomcat); filter (server1); filter (tomcat7_4); destination (d02_tc74_log); };
On Mon, Jul 8, 2013 at 12:08 PM, Satish Patel <satish.txt@gmail.com> wrote: How do i use indented-multi-line ? I meant where do i configure it? I tried but my syslog-ng doesn't recognizing this option i have syslog-ng 3.3.7 could you give me example where and how do i check whether it is supported or not
On Sat, Jul 6, 2013 at 2:12 AM, Balazs Scheidler <bazsi77@gmail.com> wrote: This looks.like the format that should be supported by indented-multi-line
On Jul 5, 2013 9:33 PM, "Satish Patel" <satish.txt@gmail.com> wrote: Here is my tomcat catalina.out log file sample. See there is a tab space in logs
2013-06-27 05:30:00,065 [EDISN-Scheduler_Worker-2] ERROR com.example.edisn.sftp.SftpSession - Exception attempting to work with an SFTP Session: connection is closed by foreign host 2013-06-27 05:30:00,066 [EDISN-Scheduler_Worker-2] ERROR org.quartz.core.JobRunShell - Job EDISN.CTMS_Upload threw an unhandled Exception:
com.example.edisn.EdisnRuntimeException: Exception attempting to work with an SFTP Session: connection is closed by foreign host
at
com.example.edisn.sftp.SftpSession.doSession(SftpSession.java:64)
at
com.example.edisn.EdisnSession.exec(EdisnSession.java:13)
at
com.example.ctms.CtmsScheduledJob.executeInternal(CtmsScheduledJob.java:27)
at
org.springframework.scheduling.quartz.QuartzJobBean.execute(QuartzJobBean.java:86)
at
org.quartz.core.JobRunShell.run(JobRunShell.java:202)
at org.quartz.simpl.SimpleThreadPool
$WorkerThread.run(SimpleThreadPool.java:525)
Caused by: com.jcraft.jsch.JSchException: connection is closed by foreign host at
com.jcraft.jsch.Session.connect(Unknown Source)
at
com.jcraft.jsch.Session.connect(Unknown Source)
at
com.example.edisn.sftp.SftpSession.doSession(SftpSession.java:45)
... 5 more
On Fri, Jul 5, 2013 at 3:27 PM, Balazs Scheidler <bazsi77@gmail.com> wrote: No, I implemented a different multiline style support first (that is not in pe), where continuation lines are indicated by indentation, like mime.
Iirc tomcat has this kind of log file. Can you show a sample log entry?
The infrastructure for multiline-prefix is also there but not added yet.
Let me see the sample, I'll tell if the current solution works or not.
On Jul 5, 2013 8:24 PM, "Satish Patel" <satish.txt@gmail.com> wrote: Thanks for reply Balazs,
You mean say this feature is available in Open Source Edition (OSE) 3.4? Once after specifying flag "indented-multi-line" i can use multi-line-prefix?
On Fri, Jul 5, 2013 at 1:26 PM, Balazs Scheidler <bazsi77@gmail.com> wrote: You have found the PE documentation but I have already ported this to the OSE tree and has been released as part of 3.4.
You have to specify
indented-multi-line as a flag to the file source.
On Jul 5, 2013 6:28 PM, "Satish Patel" <
satish.txt@gmail.com> wrote:
We have tomcat shop and at
everyone know tomcat has a java call trace in logs with tab space but syslog-ng doesn't know about it and printing lines as a new line. I have read here syslog-ng 3.x does support multi-line logs http://www.balabit.com/sites/default/files/documents/syslog-ng-pe-4.0-guides...
But does this
feature available in Open Source syslog-ng? If yes then why its not working for me?
______________________________________________________________________________
Member info:
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ:
http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________
Member info:
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation:
http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ:
http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________
Member info:
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation:
http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ:
http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________
Member info:
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation:
http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ:
http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________
Member info:
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation:
http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ:
http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________
Member info:
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation:
http://www.balabit.com/support/documentation/?product=syslog-ng
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq