Query regarding syslog-ng.conf and creation of logging files
Hi,

Please help regarding doubts of syslog-ng.conf file

1. The destination files specified in syslog-ng.conf are created by syslog-ng?
2. If they are created by syslog-ng, then are they created only when the log gets filtered for that destination file?
3. Does this happen in syslog as well, because I think in syslog the file gets created even before logging into the file.

I am new to syslog utilities and it is just my assumption that the files might be created using the conf file, because when I killed the syslog daemon and restarted it, the file I removed got created again, but not in the case of syslog-ng.

Please help regarding this issue.

Thanks
Ankit

=====-----=====-----=====
Notice: The information contained in this e-mail message and/or attachments to it may contain confidential or privileged information. If you are not the intended recipient, any dissemination, use, review, distribution, printing or copying of the information contained in this e-mail message and/or attachments to it are strictly prohibited. If you have received this communication in error, please notify us by reply e-mail or telephone and immediately and permanently delete the message and any attachments. Thank you
Ankit Mahawar <ankit.mahawar@tcs.com> writes:
> 1. The destination files specified in syslog-ng.conf are created by syslog-ng?

Yes, they will be created by syslog-ng, if they do not exist.

> 2. If they are created by syslog-ng, then are they created only when the log gets filtered for that destination file?

Yes.

> 3. Does this happen in syslog as well, because I think in syslog the file gets created even before logging into the file.

That, I do not know. It might be that other syslogd implementations create the file before any logs reach it.

--
|8]
Thanks Gergely for your inputs.

Ankit

From: Gergely Nagy <algernon@balabit.hu>
To: Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu>
Date: 11/23/2011 02:37 PM
Subject: Re: [syslog-ng] Query regarding syslog-ng.conf and creation of logging files
Sent by: syslog-ng-bounces@lists.balabit.hu
Hello

Is it possible to configure syslog-ng to log email logs in separate file for every email?

So an email is being processed, all lines in /var/log/mail.log for that particular email has a unique identifier, there might be some 5-15 lines for each email, is syslog-ng capable to log those lines per unique email ID into a separate log file, where a filename is generated on-the-file with some unique filename?

Sincerely
Wednesday 23 of November 2011 14:44:17 Dragan Zubac wrote:
> Is it possible to configure syslog-ng to log email logs in separate file for every email?
>
> So an email is being processed, all lines in /var/log/mail.log for that particular email has a unique identifier, there might be some 5-15 lines for each email, is syslog-ng capable to log those lines per unique email ID into a separate log file, where a filename is generated on-the-file with some unique filename?

If this unique ID is present in every line related to a particular mail, you can parse it (either with patterndb, or plain CSV parser - depends on your log lines format), extract the ID and use it as a macro in the destination filename. So, under certain conditions, yes - it is possible.

HTH

--
Jakub Jankowski|shasta@toxcorp.com|http://toxcorp.com/
GPG: FCBF F03D 9ADB B768 8B92 BB52 0341 9037 A875 942D
On 11/23/2011 02:50 PM, Jakub Jankowski wrote:
> Wednesday 23 of November 2011 14:44:17 Dragan Zubac wrote:
>> Is it possible to configure syslog-ng to log email logs in separate file for every email?
>>
>> So an email is being processed, all lines in /var/log/mail.log for that particular email has a unique identifier, there might be some 5-15 lines for each email, is syslog-ng capable to log those lines per unique email ID into a separate log file, where a filename is generated on-the-file with some unique filename?
>
> If this unique ID is present in every line related to a particular mail, you can parse it (either with patterndb, or plain CSV parser - depends on your log lines format), extract the ID and use it as a macro in the destination filename. So, under certain conditions, yes - it is possible.
>
> HTH

It might be possible even if the ID is not present in every log message. You can use patterndb and message correlation to identify every message, and also to group related messages (in your case, messages belonging to the same email). Check Chapter 13 of the syslog-ng administrator guide: http://www.balabit.com/sites/default/files/documents/syslog-ng-ose-3.3-guide...

Regards,
Robert
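
One way to do what the replies above describe, as an added example that is not from any participant in the thread: instead of the patterndb or CSV parser mentioned, it uses a PCRE match() filter with store-matches to put the ID into a macro, and it accepts only IDs made of hex characters because the file name is built from message content that the log sender controls. The Postfix-style line format, the syslog-ng 3.3 option spellings and all object names are assumptions.

```conf
@version: 3.3
# Added illustration; s_local, f_mail_qid, d_per_mail, QID and the
# /var/log/mail-by-id directory are assumed names, not from the thread.

options {
    time_reap(30);      # close idle per-mail files after 30 seconds
    create_dirs(no);    # a message must never cause new directories to appear;
                        # /var/log/mail-by-id has to exist beforehand
};

source s_local { unix-stream("/dev/log"); internal(); };

# Assumes Postfix-style lines whose message part starts with "<queue ID>: ".
# The named group stores the ID in ${QID}; the strict character class means
# "/" or ".." can never reach the file name built from it.
filter f_mail_qid {
    facility(mail) and
    match("^(?<QID>[0-9A-F]{6,16}): " value("MESSAGE")
          type("pcre") flags("store-matches"));
};

# One file per queue ID, created when the first matching line arrives.
destination d_per_mail {
    file("/var/log/mail-by-id/${QID}.log" perm(0640));
};

# Lines without a well-formed ID do not match and are not written by this log path.
log { source(s_local); filter(f_mail_qid); destination(d_per_mail); };
```

Because every distinct ID creates a file, the target directory needs its own cleanup job and ideally its own filesystem quota.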
participants (5): Ankit Mahawar, Dragan Zubac, Fekete Robert, Gergely Nagy, Jakub Jankowski