Rewriting log messages
We've been using the syslog-ng-anon patch[1] to rewrite log traffic (mainly to remove the redundant integer timestamp logged by qmail-pop3d via splogger(8)).

We're looking at the upcoming syslog-ng 2.0 upgrade that's coming with the next Debian release (etch) and haven't been able to find an equivalent. I saw a request or two[2] for a feature like this, but don't see it in the latest syslog-ng source or docs.

Is a feature like this planned, or is there another way I can go about rewriting log traffic?

thanks,
john

[1] http://dev.riseup.net/privacy/syslog-ng-anon/
[2] https://lists.balabit.hu/pipermail/syslog-ng/2006-August/009129.html

--
John Morrissey
jwm@horde.net
www.horde.net/

On Tue, 2006-12-05 at 10:18 -0500, John Morrissey wrote:
> We've been using the syslog-ng-anon patch[1] to rewrite log traffic (mainly to remove the redundant integer timestamp logged by qmail-pop3d via splogger(8)).
>
> We're looking at the upcoming syslog-ng 2.0 upgrade that's coming with the next Debian release (etch) and haven't been able to find an equivalent. I saw a request or two[2] for a feature like this, but don't see it in the latest syslog-ng source or docs.
>
> Is a feature like this planned, or is there another way I can go about rewriting log traffic?

This topic comes up every now and then, but it did not hit the threshold that'd trigger me to actually implement it. That's the current state of affairs. I received two triggers now (one for rewriting facilities, one for stripping IP information), so it moved a bit higher on the priority list.

--
Bazsi

Hello;

I have two issues;

1. I wish to prune, on a daily basis, *everything* under /var/log, which consists of both files and directories, sometimes 6 subdirs deep. I am thinking about using this for syslog-ng.logrotate:

    /var/log/* /var/log/*/* {
        sharedscripts
        weekly
        rotate 6
        compress
        postrotate
            /bin/kill -HUP `cat /var/run/syslog-ng.pid 2> /dev/null` 2> /dev/null || true
        endscript
    }

Would this rotate everything for me properly?

2. The other issue that I am having is that I wish to rotate now, my filesystem is full, but since I did not rotate, all of my logfiles are one. How can I prune them of any data prior to say 15 Nov for *each* logfile?

Thank you again,
.vp

On 12/6/06, Vadim Pushkin <wiskbroom@hotmail.com> wrote:
> 2. The other issue that I am having is that I wish to rotate now, my filesystem is full, but since I did not rotate, all of my logfiles are one. How can I prune them of any data prior to say 15 Nov for *each* logfile?

    find /var/log -type f -exec sed -i '/15 Nov/d' {} \;

should work - is untested, though :)

> Thank you again,
> .vp

Cheers

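For the question above about pruning everything dated before 15 Nov, the following is an added example, not code from any of the posters: a POSIX shell helper (`prune_before`, a hypothetical name) that drops entries older than a cutoff from files with traditional syslog timestamps, assuming no file spans a year boundary. It overwrites in place so the file syslog-ng holds open keeps its inode.

```shell
#!/bin/sh
# Added example; prune_before is a hypothetical helper, not from the thread.
# Assumes traditional syslog timestamps ("Nov 15 10:18:02 host ...") and that
# one file does not span a year boundary (the format carries no year).

# prune_before FILE MON DAY: drop entries dated before MON DAY.
prune_before() {
    file=$1
    tmp=$(mktemp "${file}.prune.XXXXXX") || return 1
    awk -v cmon="$2" -v cday="$3" '
        BEGIN {
            n = split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", m, " ")
            for (i = 1; i <= n; i++) mon[m[i]] = i
            cutoff = mon[cmon] * 100 + cday
            keep = 1
        }
        # Lines that start with a syslog date decide for themselves;
        # anything else (continuation lines) follows the previous entry.
        ($1 in mon) && ($2 ~ /^[0-9]+$/) { keep = (mon[$1] * 100 + $2 >= cutoff) }
        keep
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Overwrite in place rather than rename, so the inode syslog-ng holds
    # open stays the same. Lines written during this window can be lost.
    cat "$tmp" > "$file"
    rm -f "$tmp"
}

# Constructed sample, pruned in a scratch directory.
demo=$(mktemp -d)
printf '%s\n' \
    'Nov  9 23:59:01 mx1 pop3d: constructed line A' \
    'Nov 14 08:00:00 mx1 pop3d: constructed line B' \
    'Nov 15 00:00:03 mx1 pop3d: constructed line C' \
    'Dec  1 12:00:00 mx1 pop3d: constructed line D' > "$demo/mail.log"
prune_before "$demo/mail.log" Nov 15
cat "$demo/mail.log"
```

Run it only on text logs; binary files under /var/log such as wtmp are not in this format.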
participants (4)
- Andrej Ricnik-Bay
- Balazs Scheidler
- John Morrissey
- Vadim Pushkin