Hi! I'm in the progress of replacing Suns syslogd with syslog-ng 1.4.0rc2. I'm sure this is an FAQ, but how can I make it include message numbers? With Sun syslogd I get: Feb 23 13:17:58 hostname 1288115: the_message_itself but with syslog-ng I only get: Feb 23 13:17:58 hostname : the_message_itself The number "1288115" is missing, and I cannot figure out how to configure syslog-ng to include it. Unfortunately, I really need this number for post-processing of logs... Any suggestions? -- Terje Krogdahl Nextra AS - I don't buy from spammers.
I'm in the progress of replacing Suns syslogd with syslog-ng 1.4.0rc2. I'm sure this is an FAQ, but how can I make it include message numbers?
With Sun syslogd I get:
Feb 23 13:17:58 hostname 1288115: the_message_itself
but with syslog-ng I only get:
Feb 23 13:17:58 hostname : the_message_itself
The number "1288115" is missing, and I cannot figure out how to configure syslog-ng to include it. Unfortunately, I really need this number for post-processing of logs... Any suggestions?
what is this message number? A serial number? -- Bazsi PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1 url: http://www.balabit.hu/pgpkey.txt
On Fri, Feb 25, 2000 at 01:14:02PM +0100, Balazs Scheidler wrote:
I'm sure this is an FAQ, but how can I make it include message numbers? ...
what is this message number? A serial number?
I don't know when this got added to Solaris. It exists in Solaris 7, at least, though I hadn't heard of it until it crossed this list. And I doubt it's anywhere near an FAQ. :) msgid's in Solaris's syslog is apparently a simple hash of the logged message. I'm not honestly sure what it's good for -- the same string always hashes to the same ID number, so I guess it's for easier scanning for specific log messages. I never had any problems with egrep, so I still don't see the point. :) I *do* like the ability to see what facility.priority the log entry was labeled as, and I *really* like being able to see what kernel module provided the log entry rather than 'unix'. It'll probably help me track down some obscure kernel-generated messages. I don't see any mention of msgid's in man -s3 syslog, so I don't know what it's doing differently in the function calls. From 'man syslogd': If message ID generation is enabled (see log(7d)), each mes- sage will be preceded by an identifier in the following for- mat: [ID msgid facility.priority]. msgid is the message's numeric identifier described in msgid(1M). facility and priority are described in syslog.conf(4). [ID 123456 kern.notice] is an example of an identifier when message ID generation is enabled. If the message originated in a loadable kernel module or driver, the kernel module's name (for example, ufs) will be displayed instead of unix. See EXAMPLES for sample output from syslogd with and without message ID generation enabled. In an effort to reduce visual clutter, message IDs are not displayed when writing to the console; message IDs are only written to the log file. See EXAMPLES. ... EXAMPLES Example 1: syslogd output without message ID generation enabled The following example shows the output from syslogd when message ID generation is not enabled: Sep 29 21:41:18 cathy unix: alloc /: file system full Example 2: syslogd output with ID generation enabled when writing to log file /var/adm/messages The following example shows the output from syslogd when message ID generation is enabled. Note that the message ID is displayed when writing to log file/var/adm/messages. Sep 29 21:41:18 cathy ufs: [ID 845546 kern.notice] alloc /: file system full Example 3: syslogd output with ID generation enabled when writing to the console The following example shows the output from syslogd when message ID generation is enabled when writing to the con- sole. Note that even though message ID is enabled, the mes- sage ID is not displayed at the console. Sep 29 21:41:18 cathy ufs: alloc /: file system full ... ---------------------------------------------------------------------- 'man msgid' says: A message ID is a numeric identifier that, with a high pro- bability, uniquely identifies a message. The probability of two distinct messages having the same ID is about one in a million. Specifically, the message ID is a hash signature on the message's unexpanded format string, generated by STRLOG_MAKE_MSGID() as defined in <sys/strlog.h>. syslogd(1M) is a simple filter that takes strings as input and produces those same strings, preceded by their message IDs, as output. Every message logged by syslogd(1M) includes the message ID. The message ID is intended to serve as a small, language-independent identifier. ---------------------------------------------------------------------- I think that last man page has some problems and probably means 'msgid' rather than syslogd at the start of the last paragraph. For instance, echo "test" | msgid returns 229106 test and 'echo "test2" | msgid returns 880108 test2 And from 'man -s7d log': Driver Configuration The following driver configuration properties may be defined in the log.conf file. msgid If msgid=1, each message will be preceded by a message ID as described in syslogd(1M). If msgid=0, message IDs will not be generated. This property is Unstable and may be removed in a future release. ---------------------------------------------------------------------- HTH. JBB
On Fri, Feb 25, 2000 at 07:51:44AM -0500, John B Batzel wrote:
I don't know when this got added to Solaris. It exists in Solaris 7, at least, though I hadn't heard of it until it crossed this list. And I doubt it's anywhere near an FAQ. :)
It was added in Solaris 7 (as mentioned in the "Solaris 7 System Administration Supliment"). I too had never heard of it before now, and I am really glad I have!
And from 'man -s7d log':
Driver Configuration The following driver configuration properties may be defined in the log.conf file.
msgid If msgid=1, each message will be preceded by a message ID as described in syslogd(1M). If msgid=0, message IDs will not be generated. This property is Unstable and may be removed in a future release.
Since the log(7d) man page was a little hazy, I include the following for convinience of others who want to use the msgid's. From Solaris 7 System Administration Supliment "Improved System Boot and Error Message Format" Enable system message IDs by adding the following line to the /platform/`uname -i`/kernel/drv/log.conf file, if it exists. Otherwise, add the msgid property to the /kernel/drv/log.conf file. To enable system message IDs without rebooting the system, use the following adb command: # echo log_msgid/W1 | adb -kw ---------------------------------------------------------------------------- __o Bradley Arlt Email: arlt@cpsc.ucalgary.ca o__ _ \<_ WWW: www.acs.ucalgary.ca/~bdarlt _>/ _ (_)/(_) -Eat well, sleep peacefully, drink lots, and ride like hell. (_)\(_)
participants (4)
-
Balazs Scheidler
-
Brad Arlt
-
John B Batzel
-
Terje Krogdahl