Milliseconds in timestamp and black magic
Hi,
I'm observing something mysterious with milliseconds in timestamps. I set frac_digits() in the global options and then I have a rewriter and a template. Something like this:
options { frac_digits(3); };
source s { internal(); };
rewrite r { set("$ISODATE", value("MYDATE")); };
template t { template("$ISODATE ($MYDATE) $HOST $MSGHDR$MESSAGE\n"); };
destination d { file("/var/log/test.log" template(t)); };
log { source(s); rewrite(r); destination(d); };
To my total surprise the expanded value of $ISODATE in the log file contains the fraction part, but the value of $MYDATE does not! Aren't they supposed to be the same because of the rewrite rule? Or am I doing something wrong? (I'm using syslog-ng 3.0.4 on Linux).
--
Thanks,
Sergei.
Hi,
I am using syslog-ng open source 3.0.3-1 (rhel5.amd64) version. I am sending all the logs to a TCP port. I am using the destination IP address. I want to read this information from an external config file so that the user does not need to open and modify this file for a different IP address. Please let me know how to use an external config file in the syslog-ng.conf file and how to use these variable values in the syslog-ng file. Please send me an example.
destination d_messages { syslog("2.34.56.78" transport("tcp") port(601)); };
- V
Hi,
Do you mean that you would like to read the port number from an external file and use it in your destination statements? Because this is not possible: you can include only complete parts of the configuration, and it is not possible to use variables. If you want to include, for example, the complete destination statement, you just create a file with this statement (e.g., destination.conf) and in your syslog-ng conf, write
include "destination.conf";
After that you can reference the d_messages destination in the syslog-ng conf file.
Regards,
Robert Fekete
Jain, Vaibhav (GE Healthcare) wrote:
Hi,
I am using syslog-ng open source 3.0.3-1 (rhel5.amd64) version. I am sending all the logs to a TCP port. I am using the destination IP address. I want to read this information from an external config file so that the user does not need to open and modify this file for a different IP address. Please let me know how to use an external config file in the syslog-ng.conf file and how to use these variable values in the syslog-ng file. Please send me an example.
destination d_messages { syslog("2.34.56.78" transport("tcp") port(601)); };
- V
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.campin.net/syslog-ng/faq.html
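An added example, not part of the original thread or of the syslog-ng project: since only complete statements can be included, one way to keep the address out of syslog-ng.conf is to generate destination.conf from a small settings file and validate the values before they reach the configuration. The settings keys DEST_IP and DEST_PORT, the function names and the file names are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed names: DEST_IP / DEST_PORT keys,
# render_destination, is_ipv4, is_port. Settings file holds KEY=VALUE lines.

# Accept only a dotted quad with each octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Accept only a decimal port in 1..65535.
is_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# render_destination SETTINGS OUT: parse (never source) SETTINGS, validate,
# then write the complete d_messages statement to OUT via a temp file.
render_destination() {
    settings=$1; out=$2; ip=''; port=''
    while IFS='=' read -r key value || [ -n "$key" ]; do
        case "$key" in
            DEST_IP)   ip=$value ;;
            DEST_PORT) port=$value ;;
        esac
    done < "$settings"
    is_ipv4 "$ip"   || { echo "invalid DEST_IP in $settings" >&2; return 1; }
    is_port "$port" || { echo "invalid DEST_PORT in $settings" >&2; return 1; }
    tmp="$out.tmp.$$"
    printf 'destination d_messages { syslog("%s" transport("tcp") port(%s)); };\n' \
        "$ip" "$port" > "$tmp" && mv "$tmp" "$out"
}

# Stand-alone use: sh render.sh settings.txt destination.conf
if [ "$#" -eq 2 ]; then render_destination "$1" "$2"; fi
```

syslog-ng.conf then carries include "destination.conf"; as described in the reply above, and syslog-ng has to reload its configuration after the file is regenerated.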
Hi,
I am using syslog-ng open source 3.0.3-1 (rhel5.amd64) version. I want to collect all the logs from a directory and its subdirectory. I am using the following syntax and I am not getting any error, but it is not working.
source s_file_subdirectories { file("/var/application/*.log" recursive(yes) follow_freq(1) log_fetch_limit(100) );};
Can you suggest how to make the configuration to read logs from a directory and sub-dir? Is this feature supported in the open source 3.0.3-1 release? I am following the syslog-ng admin guide.
- V
Hi,
the wildcards in pathnames and recursive directory handling features are only available in syslog-ng PE. Unfortunately, the recursive directory handling was not marked as a PE-only feature in the admin guide; I will correct it and release a new edition sometime this week. Thank you very much for noticing this docbug.
Kind Regards,
Robert Fekete
--
Robert Fekete
Technical Writer
Jain, Vaibhav (GE Healthcare) wrote:
Hi,
I am using syslog-ng open source 3.0.3-1 (rhel5.amd64) version. I want to collect all the logs from a directory and its subdirectory. I am using the following syntax and I am not getting any error, but it is not working.
source s_file_subdirectories { file("/var/application/*.log" recursive(yes) follow_freq(1) log_fetch_limit(100) );};
Can you suggest how to make the configuration to read logs from a directory and sub-dir? Is this feature supported in the open source 3.0.3-1 release? I am following the syslog-ng admin guide.
- V
On Fri, 2009-08-21 at 21:19 +0200, Sergei Zhirikov wrote:
Hi,
I'm observing something mysterious with milliseconds in timestamps. I set frac_digits() in the global options and then I have a rewriter and a template. Something like this:
options { frac_digits(3); };
source s { internal(); };
rewrite r { set("$ISODATE", value("MYDATE")); };
template t { template("$ISODATE ($MYDATE) $HOST $MSGHDR$MESSAGE\n"); };
destination d { file("/var/log/test.log" template(t)); };
log { source(s); rewrite(r); destination(d); };
To my total surprise the expanded value of $ISODATE in the log file contains fraction part, but the value of $MYDATE does not! Aren't they supposed to be the same because of the rewrite rule? Or am I doing something wrong? (I'm using syslog-ng 3.0.4 on Linux).
Well, you might be right that this is a discrepancy, I might call this a bug as well, but there's an explanation: frac_digits() is a per-destination option and the global frac_digits() only affects destinations. Rewrite rules (and filename macros, for example) don't inherit that value and always use 0 frac_digits.
The per-destination options for template formatting are the following:
* timestamp format (e.g. $DATE expansion)
* timezone
* frac_digits
* sequence number ($SEQNUM)
These are not controllable for rewrite rules right now, and neither are they when macros are used in filenames.
--
Bazsi
participants (4)
- Balazs Scheidler
- Jain, Vaibhav (GE Healthcare)
- Robert Fekete
- Sergei Zhirikov