Hello all,

Good day, I have configured syslog-ng to check catalina.out every second, but syslog-ng will append date, time and machine name to the log. I would like to know, is it possible to configure syslog-ng so that it does not alter the original log?

my config,

source s_tomcat_catalina { file("/srv/tomcat/logs/catalina.out" default-facility(local3) default-priority(info)); };

log output,

Mar 29 21:43:38 forward Mar: 29, 2010 9:43:37 PM org.apache.coyote.http11.Http11Protocol start
Mar 29 21:43:38 forward INFO: Starting Coyote HTTP/1.1 on http-8080
Mar 29 21:43:38 forward Mar: 29, 2010 9:43:37 PM org.apache.jk.common.ChannelSocket init
Mar 29 21:43:38 forward INFO: JK: ajp13 listening on /0.0.0.0:8009
Mar 29 21:43:38 forward Mar: 29, 2010 9:43:37 PM org.apache.jk.server.JkMain start
Mar 29 21:43:38 forward INFO: Jk running ID=0 time=0/14 config=null
Mar 29 21:43:38 forward Mar: 29, 2010 9:43:37 PM org.apache.catalina.startup.Catalina start
Mar 29 21:43:38 forward INFO: Server startup in 428 ms

Thanks. :)
Use a template and $MESSAGE in the destination.

destination d_tomcat_catalina { file("/path/to/destination/file", template("$MESSAGE\n") ); };

On Tuesday 30 March 2010 08:52:33 BoOnSiOnG wrote:
Hello all,
Good day, I have configured syslog-ng to check catalina.out every second, but syslog-ng will append date, time and machine name to the log. I would like to know, is it possible to configure syslog-ng so that it does not alter the original log?
my config,
source s_tomcat_catalina { file("/srv/tomcat/logs/catalina.out" default-facility(local3) default-priority(info)); };
log output,

Mar 29 21:43:38 forward Mar: 29, 2010 9:43:37 PM org.apache.coyote.http11.Http11Protocol start
Mar 29 21:43:38 forward INFO: Starting Coyote HTTP/1.1 on http-8080
Mar 29 21:43:38 forward Mar: 29, 2010 9:43:37 PM org.apache.jk.common.ChannelSocket init
Mar 29 21:43:38 forward INFO: JK: ajp13 listening on /0.0.0.0:8009
Mar 29 21:43:38 forward Mar: 29, 2010 9:43:37 PM org.apache.jk.server.JkMain start
Mar 29 21:43:38 forward INFO: Jk running ID=0 time=0/14 config=null
Mar 29 21:43:38 forward Mar: 29, 2010 9:43:37 PM org.apache.catalina.startup.Catalina start
Mar 29 21:43:38 forward INFO: Server startup in 428 ms
Thanks. :)
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.campin.net/syslog-ng/faq.html
--
Alan McKinnon
Systems Engineer^W Technician
Infrastructure Services
Internet Solutions
+27 11 575 7585

Please note: This email and its content are subject to the disclaimer as displayed at the following link http://www.is.co.za/legal/E-mail+Confidentiality+Notice+and+Disclaimer.htm. Should you not have Web access, send a mail to disclaimers@is.co.za and a copy will be emailed to you.
Hi,

my current config,

source s_tomcat_catalina { file("/srv/tomcat/logs/catalina.out" default-facility(local3) default-priority(info)); };

destination df_local3.info { file("/var/log/apache2/tomcat_catalina_log", template("$MESSAGE\n")); };

original log

Mar 30, 2010 3:26:26 AM org.apache.jk.common.ChannelSocket init
INFO: JK: ajp13 listening on /0.0.0.0:8009
Mar 30, 2010 3:26:26 AM org.apache.jk.server.JkMain start
INFO: Jk running ID=0 time=0/15 config=null
Mar 30, 2010 3:26:26 AM org.apache.catalina.startup.Catalina start
INFO: Server startup in 439 ms

the output for tomcat_catalina_out

30, 2010 3:26:26 AM org.apache.jk.common.ChannelSocket init
JK: ajp13 listening on /0.0.0.0:8009
30, 2010 3:26:26 AM org.apache.jk.server.JkMain start
Jk running ID=0 time=0/15 config=null
30, 2010 3:26:26 AM org.apache.catalina.startup.Catalina start
Server startup in 439 ms

Some part of the message was missing, any idea why?

Thanks again.

On Tue, Mar 30, 2010 at 2:58 PM, Alan McKinnon <Alan.McKinnon@is.co.za> wrote:
Use a template and $MESSAGE in the destination.
destination d_tomcat_catalina { file("/path/to/destination/file", template("$MESSAGE\n") ); };
Hi,

BoOnSiOnG wrote:
Hi,
my current config,
source s_tomcat_catalina { file("/srv/tomcat/logs/catalina.out" default-facility(local3) default-priority(info)); };
In this case, syslog-ng will try to parse every line as a BSD style message from this file (but they aren't). Use the flags(no-parse) option:

source s_tomcat_catalina { file("/srv/tomcat/logs/catalina.out" flags(no-parse) default-facility(local3) default-priority(info)); };
-- pzolee
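
The truncation discussed above, reproduced with a simplified model of BSD-style header parsing. This is an added example, not part of the original thread and not syslog-ng's own code; the regexes and function names are assumptions chosen to match the output quoted in the thread, and the sample lines are taken from the quoted catalina.out excerpt.

```python
import re

# Constructed sample input: catalina.out lines as quoted in the thread.
CATALINA_LINES = [
    "Mar 30, 2010 3:26:26 AM org.apache.jk.common.ChannelSocket init",
    "INFO: JK: ajp13 listening on /0.0.0.0:8009",
    "Mar 30, 2010 3:26:26 AM org.apache.catalina.startup.Catalina start",
    "INFO: Server startup in 439 ms",
]

# "Mmm dd hh:mm:ss " as used in a BSD syslog header (assumed pattern).
BSD_TIMESTAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} ")
# First token of the remaining text, ended by ':', '[' or whitespace;
# the model treats it as the program name (assumed pattern).
PROGRAM = re.compile(r"^([^\s:\[]+)(?:\[\d+\])?:? ?")


def split_line(line, no_parse=False):
    """Return (program, message) as this simplified model sees a line."""
    if no_parse:
        return "", line              # whole line is kept as the message
    rest = line
    ts = BSD_TIMESTAMP.match(rest)
    if ts:                           # real syslog line: drop timestamp and host
        parts = rest[ts.end():].split(" ", 1)
        rest = parts[1] if len(parts) == 2 else ""
    m = PROGRAM.match(rest)
    if not m:
        return "", rest
    return m.group(1), rest[m.end():]


def render_message_only(lines, no_parse=False):
    """Model of a destination that writes only the message part."""
    return [split_line(line, no_parse)[1] for line in lines]


def altered_lines(lines, no_parse=False):
    """Original lines whose stored form would differ from the source record."""
    stored = render_message_only(lines, no_parse)
    return [orig for orig, got in zip(lines, stored) if orig != got]


if __name__ == "__main__":
    parsed = render_message_only(CATALINA_LINES)
    raw = render_message_only(CATALINA_LINES, no_parse=True)
    for p, r in zip(parsed, raw):
        print(f"parsed  : {p}\nno-parse: {r}\n")
    print("altered without no-parse:", len(altered_lines(CATALINA_LINES)))
```

Comparing stored lines against the source file in this way is a quick integrity check after any change to a file source or destination template.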
Hi,

Thank you very much, now it works.

another question, by using the same source

source s_tomcat_catalina { file("/srv/tomcat/logs/catalina.out" flags(no-parse) default-facility(local3) default-priority(info)); };

if I forward to central loghost via TCP

my config,

destination ds_forward_catalina { tcp("192.168.203.13", template("$MESSAGE\n")); };

it doesn't seem to work, no logs forwarded to the loghost.

On Tue, Mar 30, 2010 at 4:03 PM, Zoltán Pallagi <pzolee@balabit.hu> wrote:
Hi,
BoOnSiOnG wrote:
Hi,
my current config,
source s_tomcat_catalina { file("/srv/tomcat/logs/catalina.out" default-facility(local3) default-priority(info)); };
In this case, syslog-ng will try to parse every line as a BSD style message from this file (but they aren't). Use the flags(no-parse) option:
source s_tomcat_catalina { file("/srv/tomcat/logs/catalina.out" flags(no-parse) default-facility(local3) default-priority(info)); };
BoOnSiOnG wrote:
Hi,
Thank you very much, now it works.
another question, by using the same source
source s_tomcat_catalina { file("/srv/tomcat/logs/catalina.out" flags(no-parse) default-facility(local3) default-priority(info)); };
if I forward to central loghost via TCP
my config,
destination ds_forward_catalina { tcp("192.168.203.13", template("$MESSAGE\n")); };
it doesn't seem to work, no logs forwarded to the loghost.
There is no given port number, are you sure that the syslog-ng of server side is listening on tcp port 514?

Also, if syslog-ng has already sent these logs to the server previously and there is no new log, you have to remove $syslog-ng-dir/var/syslog-ng.persist file to resend them.

You can also check the debug output of syslog-ng: just start both syslog-ng in debug mode and you may see the problem:

syslog-ng -Fevd
-- pzolee
participants (3)
- Alan McKinnon
- BoOnSiOnG
- Zoltán Pallagi