'lo I am the main author of a GPL packaged called Syslog Management Tool(SMT) - smt.dangermen.com. I am currently using Modular Syslog as the syslog package to import from syslog to PostgreSQL. I have found it has issues with about anymore than 70 messages per second. Modular Syslog also looks largely abandoned. Syslog-ng appears to be able to replace the functionality Modular Syslog via the use of pipes. The issue I have found with Syslog-NG is that it does convert the facility & priority/severity to full names when writing. Today I have Modular Syslog writing facility and severity as individual decimal values rather than the aggregate 0-255 decimal(see the table layout below). I was wondering if someone knew of a way to get Syslog-NG to write out the facility/priority values separately? .ie via the syslog-ng.conf filtering/manipulation kung fu? Or does this look like a modification that I will have to make in the .c code? TSyslog=# \d tsyslog Table "public.tsyslog" Column | Type | Modifiers ------------+------------------------+----------------------------------------------------------------- tsyslog_id | bigint | not null default nextval('public.tsyslog_tsyslog_id_seq'::text) facility | integer | severity | integer | date | date | time | time without time zone | host | character varying(128) | message | text | Indexes: "tsyslog_pkey" PRIMARY KEY, btree (tsyslog_id) "host_idx" btree (host) "tsyslhostid_idx" btree (tsyslog_id, host) "tsyslogdatetime_idx" btree (date, "time") -- -------------------------------------------------- Jeremy M. Guthrie jeremy.guthrie@berbee.com Senior Network Engineer Phone: 608-298-1061 Berbee Fax: 608-288-3007 5520 Research Park Drive NOC: 608-298-1102 Madison, WI 53711
On Mon, 2006-05-22 at 20:11 -0500, Jeremy M. Guthrie wrote:
The issue I have found with Syslog-NG is that it does convert the facility & priority/severity to full names when writing. Today I have Modular Syslog writing facility and severity as individual decimal values rather than the aggregate 0-255 decimal(see the table layout below). I was wondering if someone knew of a way to get Syslog-NG to write out the facility/priority values separately? .ie via the syslog-ng.conf filtering/manipulation kung fu? Or does this look like a modification that I will have to make in the .c code?
It depends on the template that you use, $FACILITY and $LEVEL writes it using names if possible, $TAG is a hexadecimal value for the facility/priority combined, and $PRI is the same in decimal. There's currently no macro for generating facility/priority separately in numeric form, it is not difficult to add though. An alternative solution would be to convert your tables to the 'enum' data type of mysql, which stores an integer internally, but accepts/shows the string representation. -- Bazsi
On Tuesday 23 May 2006 05:06, Balazs Scheidler wrote:
On Mon, 2006-05-22 at 20:11 -0500, Jeremy M. Guthrie wrote:
The issue I have found with Syslog-NG is that it does convert the facility & priority/severity to full names when writing. Today I have Modular Syslog writing facility and severity as individual decimal values rather than the aggregate 0-255 decimal(see the table layout below). I was wondering if someone knew of a way to get Syslog-NG to write out the facility/priority values separately? .ie via the syslog-ng.conf filtering/manipulation kung fu? Or does this look like a modification that I will have to make in the .c code?
It depends on the template that you use, $FACILITY and $LEVEL writes it using names if possible, $TAG is a hexadecimal value for the facility/priority combined, and $PRI is the same in decimal.
There's currently no macro for generating facility/priority separately in numeric form, it is not difficult to add though. Yeah, this is where I am leaning. I've got a pile of code I'd have to change otherwise.
An alternative solution would be to convert your tables to the 'enum' data type of mysql, which stores an integer internally, but accepts/shows the string representation.
-- -------------------------------------------------- Jeremy M. Guthrie jeremy.guthrie@berbee.com Senior Network Engineer Phone: 608-298-1061 Berbee Fax: 608-288-3007 5520 Research Park Drive NOC: 608-298-1102 Madison, WI 53711
I'm relatively new to syslog-ng. I've just compiled and installed it on a Sun 4100 (Opteron) running Solaris 10. Regardless of whether I activate it using svc or run it manually, the first time a log message shows up, I get the following error message: May 19 14:16:50 galaxy04 syslog-ng[1807]: Insufficient buffer space for retrieving STREAMS log message; res='ffffffff' I haven't got a clue where to look to resolve this. I've done some initial scans on the internet for possible clues, but have come up blank. Any suggestions? Thanks.
On Tue, 2006-05-23 at 12:57 -0400, Robert Gahl wrote:
I'm relatively new to syslog-ng. I've just compiled and installed it on a Sun 4100 (Opteron) running Solaris 10. Regardless of whether I activate it using svc or run it manually, the first time a log message shows up, I get the following error message:
May 19 14:16:50 galaxy04 syslog-ng[1807]: Insufficient buffer space for retrieving STREAMS log message; res='ffffffff'
I haven't got a clue where to look to resolve this. I've done some initial scans on the internet for possible clues, but have come up blank.
This is a bug in 1.9.10 which was fixed in snapshots later than 2006-05-01. I'm about to release 1.9.11, so you could simply wait for that. BTW: if you are new to syslog-ng you might prefer to stay with the current stable series, which is 1.6.x, however testing the 1.9.x branch is certainly appreciated, I would like to release it as the new stable release soon. -- Bazsi
On Tue, May 23, 2006 2:48 pm, Balazs Scheidler said:
This is a bug in 1.9.10 which was fixed in snapshots later than 2006-05-01.
I'm about to release 1.9.11, so you could simply wait for that.
BTW: if you are new to syslog-ng you might prefer to stay with the current stable series, which is 1.6.x, however testing the 1.9.x branch is certainly appreciated, I would like to release it as the new stable release soon.
Thanks, Balazs. I've dl'd 1.9.11 and am having a different problem compiling it now. My configure line looks like: ./configure CFLAGS="-lrt -L/usr/local/lib -R/usr/local/lib" --enable-dynamic-linking --disable-ipv6 The configure seems to go flawlessly, but when I gmake, I get: if gcc -DHAVE_CONFIG_H -I. -I. -I.. -I/usr/local/include/glib-2.0 -I/usr/local/lib/glib-2.0/include -I/usr/local/include/eventlog -D_GNU_SOURCE -lrt -L/usr/local/lib -R/usr/local/lib -Wall -g -MT afinet.o -MD -MP -MF ".deps/afinet.Tpo" \ -c -o afinet.o `test -f 'afinet.c' || echo './'`afinet.c; \ then mv -f ".deps/afinet.Tpo" ".deps/afinet.Po"; \ else rm -f ".deps/afinet.Tpo"; exit 1; \ fi afinet.c: In function `afinet_resolve_name': afinet.c:81: warning: implicit declaration of function `memset' afinet.c: In function `afinet_setup_socket': afinet.c:156: error: `SOL_IP' undeclared (first use in this function) afinet.c:156: error: (Each undeclared identifier is reported only once afinet.c:156: error: for each function it appears in.) afinet.c: In function `afinet_sd_new': afinet.c:246: warning: implicit declaration of function `g_sockaddr_inet6_new' afinet.c:246: warning: assignment makes pointer from integer without a cast afinet.c: In function `afinet_dd_new': afinet.c:303: warning: assignment makes pointer from integer without a cast afinet.c:304: warning: assignment makes pointer from integer without a cast gmake[2]: *** [afinet.o] Error 1 gmake[2]: Leaving directory `/usr/local/src/syslog-ng-1.9.11/src' gmake[1]: *** [all-recursive] Error 1 gmake[1]: Leaving directory `/usr/local/src/syslog-ng-1.9.11' gmake: *** [all] Error 2 I've been digging around for the SOL_IP declaration, but w/o luck. If this is too much trouble, I'll bounce back to 1.6.x.
On Tue, 2006-05-23 at 16:25 -0400, Robert Gahl wrote:
On Tue, May 23, 2006 2:48 pm, Balazs Scheidler said:
This is a bug in 1.9.10 which was fixed in snapshots later than 2006-05-01.
I'm about to release 1.9.11, so you could simply wait for that.
BTW: if you are new to syslog-ng you might prefer to stay with the current stable series, which is 1.6.x, however testing the 1.9.x branch is certainly appreciated, I would like to release it as the new stable release soon.
Thanks, Balazs. I've dl'd 1.9.11 and am having a different problem compiling it now. My configure line looks like:
./configure CFLAGS="-lrt -L/usr/local/lib -R/usr/local/lib" --enable-dynamic-linking --disable-ipv6
The attached patch should fix it. FYI: the explicit -lrt in CFLAGS should not be needed by now. -- Bazsi
I am in the process of trying to create a macro FAC / SEV to produce the two numeric values I need for facility / priority. I've been looking over the source code and I was going to model those macros off of M_LEVEL macro. I am using 1.6.10 at the moment. When I check my changes.... my code doesn't seem to produce the desired results. ;) Not sure if I am missing something relative to static unsigned char lengthtable[] & static struct macro_def wordlist[] ? Am I missing something obvious? It also appears I may have broken other macros such as SEC, LEVEL, and a few others. Did I shift something relative to the lengthtable that might have hosed the program? It's been a while since I have coded much of anything in 'c'. Thanks diff -c --recursive syslog-ng-1.6.10-jeremy/src/macros-gperf.c syslog-ng-1.6.10/src/macros-gperf.c *** syslog-ng-1.6.10-jeremy/src/macros-gperf.c 2006-05-23 21:43:14.000000000 -0500 --- syslog-ng-1.6.10/src/macros-gperf.c 2004-12-13 12:16:14.000000000 -0600 *************** *** 32,38 **** #include "macros.h" struct macro_def { char *name; int id; int len; }; ! #define TOTAL_KEYWORDS 55 #define MIN_WORD_LENGTH 2 #define MAX_WORD_LENGTH 13 #define MIN_HASH_VALUE 2 --- 32,38 ---- #include "macros.h" struct macro_def { char *name; int id; int len; }; ! #define TOTAL_KEYWORDS 53 #define MIN_WORD_LENGTH 2 #define MAX_WORD_LENGTH 13 #define MIN_HASH_VALUE 2 *************** *** 150,157 **** {"R_DATE", M_DATE_RECVD}, {""}, {"PRI", M_PRI}, - {"FAC", M_FAC}, - {"SEV", M_SEV}, {"R_WEEKDAY", M_WEEKDAY_RECVD}, {"S_TZOFFSET", M_TZOFFSET_STAMP}, {"S_DATE", M_DATE_STAMP}, --- 150,155 ---- diff -c --recursive syslog-ng-1.6.10-jeremy/src/macros.c syslog-ng-1.6.10/src/macros.c *** syslog-ng-1.6.10-jeremy/src/macros.c 2006-05-23 22:33:11.000000000 -0500 --- syslog-ng-1.6.10/src/macros.c 2006-02-14 04:05:51.000000000 -0600 *************** *** 192,205 **** length = snprintf(*dest, *left, "%d", msg->pri); break; } - case M_FAC: { - length = snprintf(*dest, *left, "%d", ( msg->pri - ( msg->pri % 8 ) ) / 8 ); - break; - } - case M_SEV: { - length = snprintf(*dest, *left, "%d", ( msg->pri % 8 )) ; - break; - } case M_SOURCE_IP: { char *ip; --- 192,197 ---- *************** *** 456,463 **** { "LEVEL", M_LEVEL }, { "TAG", M_TAG }, { "PRI", M_PRI }, - { "FAC", M_FAC}, - { "SEV", M_SEV}, { "DATE", M_DATE }, { "FULLDATE", M_FULLDATE }, --- 448,453 ---- diff -c --recursive syslog-ng-1.6.10-jeremy/src/macros.gprf syslog-ng-1.6.10/src/macros.gprf *** syslog-ng-1.6.10-jeremy/src/macros.gprf 2006-05-23 21:30:01.000000000 -0500 --- syslog-ng-1.6.10/src/macros.gprf 2004-12-13 12:15:34.000000000 -0600 *************** *** 8,15 **** LEVEL, M_LEVEL TAG, M_TAG PRI, M_PRI - FAC, M_FAC - SEV, M_SEV DATE, M_DATE FULLDATE, M_FULLDATE ISODATE, M_ISODATE --- 8,13 ---- diff -c --recursive syslog-ng-1.6.10-jeremy/src/macros.h syslog-ng-1.6.10/src/macros.h *** syslog-ng-1.6.10-jeremy/src/macros.h 2006-05-23 22:27:04.000000000 -0500 --- syslog-ng-1.6.10/src/macros.h 2004-05-06 02:37:10.000000000 -0500 *************** *** 29,36 **** #define M_LEVEL 10 #define M_TAG 20 #define M_PRI 21 - #define M_FAC 22 - #define M_SEV 23 #define M_DATE 30 #define M_FULLDATE 40 --- 29,34 ---- On Tuesday 23 May 2006 05:06, Balazs Scheidler wrote:
On Mon, 2006-05-22 at 20:11 -0500, Jeremy M. Guthrie wrote:
The issue I have found with Syslog-NG is that it does convert the facility & priority/severity to full names when writing. Today I have Modular Syslog writing facility and severity as individual decimal values rather than the aggregate 0-255 decimal(see the table layout below). I was wondering if someone knew of a way to get Syslog-NG to write out the facility/priority values separately? .ie via the syslog-ng.conf filtering/manipulation kung fu? Or does this look like a modification that I will have to make in the .c code?
It depends on the template that you use, $FACILITY and $LEVEL writes it using names if possible, $TAG is a hexadecimal value for the facility/priority combined, and $PRI is the same in decimal.
There's currently no macro for generating facility/priority separately in numeric form, it is not difficult to add though. An alternative solution would be to convert your tables to the 'enum' data type of mysql, which stores an integer internally, but accepts/shows the string representation.
-- -------------------------------------------------- Jeremy M. Guthrie jeremy.guthrie@berbee.com Senior Network Engineer Phone: 608-298-1061 Berbee Fax: 608-288-3007 5520 Research Park Drive NOC: 608-298-1102 Madison, WI 53711
On Tue, 2006-05-23 at 22:37 -0500, Jeremy M. Guthrie wrote:
I am in the process of trying to create a macro FAC / SEV to produce the two numeric values I need for facility / priority. I've been looking over the source code and I was going to model those macros off of M_LEVEL macro. I am using 1.6.10 at the moment.
When I check my changes.... my code doesn't seem to produce the desired results. ;)
Not sure if I am missing something relative to static unsigned char lengthtable[] & static struct macro_def wordlist[] ?
Am I missing something obvious? It also appears I may have broken other macros such as SEC, LEVEL, and a few others. Did I shift something relative to the lengthtable that might have hosed the program? It's been a while since I have coded much of anything in 'c'.
Attached patch should do what you wanted, can you test it please, before I commit it? I've changed the macro names, to avoid introducing another term for severity. macros-gperf.c is autogenerated using gperf that's why you broke the hash lookup algorithm by adding elements at random locations in that array. Index: macros.c =================================================================== RCS file: /var/cvs/syslog-ng/syslog-ng/src/macros.c,v retrieving revision 1.4.4.8 diff -u -r1.4.4.8 macros.c --- macros.c 14 Feb 2006 10:05:51 -0000 1.4.4.8 +++ macros.c 24 May 2006 09:29:51 -0000 @@ -171,6 +171,10 @@ } break; } + case M_FACILITY_NUM: { + length = snprintf(*dest, *left, "%d", (msg->pri & LOG_FACMASK) >> 3); + break; + } case M_LEVEL: { /* level */ char *n = syslog_lookup_value(msg->pri & LOG_PRIMASK, sl_levels); @@ -184,6 +188,10 @@ break; } + case M_LEVEL_NUM: { + length = snprintf(*dest, *left, "%d", (msg->pri % LOG_PRIMASK)); + break; + } case M_TAG: { length = snprintf(*dest, *left, "%02x", msg->pri); break; Index: macros.gprf =================================================================== RCS file: /var/cvs/syslog-ng/syslog-ng/src/macros.gprf,v retrieving revision 1.1.4.2 diff -u -r1.1.4.2 macros.gprf --- macros.gprf 13 Dec 2004 18:17:58 -0000 1.1.4.2 +++ macros.gprf 24 May 2006 09:29:51 -0000 @@ -4,8 +4,10 @@ struct macro_def { char *name; int id; int len; }; %% FACILITY, M_FACILITY +FACILITY_NUM, M_FACILITY_NUM PRIORITY, M_LEVEL LEVEL, M_LEVEL +LEVEL_NUM, M_LEVEL_NUM TAG, M_TAG PRI, M_PRI DATE, M_DATE Index: macros.h =================================================================== RCS file: /var/cvs/syslog-ng/syslog-ng/src/macros.h,v retrieving revision 1.2.4.2 diff -u -r1.2.4.2 macros.h --- macros.h 6 May 2004 07:37:10 -0000 1.2.4.2 +++ macros.h 24 May 2006 09:29:51 -0000 @@ -25,10 +25,12 @@ #ifndef __MACROS_H #define __MACROS_H -#define M_FACILITY 0 -#define M_LEVEL 10 -#define M_TAG 20 -#define M_PRI 21 +#define M_FACILITY 0 +#define M_FACILITY_NUM 1 +#define M_LEVEL 10 +#define M_LEVEL_NUM 11 +#define M_TAG 20 +#define M_PRI 21 #define M_DATE 30 #define M_FULLDATE 40 -- Bazsi
I will test today and get back to you. Thanks1 On Wednesday 24 May 2006 04:32, Balazs Scheidler wrote:
On Tue, 2006-05-23 at 22:37 -0500, Jeremy M. Guthrie wrote:
I am in the process of trying to create a macro FAC / SEV to produce the two numeric values I need for facility / priority. I've been looking over the source code and I was going to model those macros off of M_LEVEL macro. I am using 1.6.10 at the moment.
When I check my changes.... my code doesn't seem to produce the desired results. ;)
Not sure if I am missing something relative to static unsigned char lengthtable[] & static struct macro_def wordlist[] ?
Am I missing something obvious? It also appears I may have broken other macros such as SEC, LEVEL, and a few others. Did I shift something relative to the lengthtable that might have hosed the program? It's been a while since I have coded much of anything in 'c'.
Attached patch should do what you wanted, can you test it please, before I commit it?
I've changed the macro names, to avoid introducing another term for severity.
macros-gperf.c is autogenerated using gperf that's why you broke the hash lookup algorithm by adding elements at random locations in that array.
Index: macros.c =================================================================== RCS file: /var/cvs/syslog-ng/syslog-ng/src/macros.c,v retrieving revision 1.4.4.8 diff -u -r1.4.4.8 macros.c --- macros.c 14 Feb 2006 10:05:51 -0000 1.4.4.8 +++ macros.c 24 May 2006 09:29:51 -0000 @@ -171,6 +171,10 @@ } break; } + case M_FACILITY_NUM: { + length = snprintf(*dest, *left, "%d", (msg->pri & LOG_FACMASK) >> 3); + break; + } case M_LEVEL: { /* level */ char *n = syslog_lookup_value(msg->pri & LOG_PRIMASK, sl_levels); @@ -184,6 +188,10 @@
break; } + case M_LEVEL_NUM: { + length = snprintf(*dest, *left, "%d", (msg->pri % LOG_PRIMASK)); + break; + } case M_TAG: { length = snprintf(*dest, *left, "%02x", msg->pri); break; Index: macros.gprf =================================================================== RCS file: /var/cvs/syslog-ng/syslog-ng/src/macros.gprf,v retrieving revision 1.1.4.2 diff -u -r1.1.4.2 macros.gprf --- macros.gprf 13 Dec 2004 18:17:58 -0000 1.1.4.2 +++ macros.gprf 24 May 2006 09:29:51 -0000 @@ -4,8 +4,10 @@ struct macro_def { char *name; int id; int len; }; %% FACILITY, M_FACILITY +FACILITY_NUM, M_FACILITY_NUM PRIORITY, M_LEVEL LEVEL, M_LEVEL +LEVEL_NUM, M_LEVEL_NUM TAG, M_TAG PRI, M_PRI DATE, M_DATE Index: macros.h =================================================================== RCS file: /var/cvs/syslog-ng/syslog-ng/src/macros.h,v retrieving revision 1.2.4.2 diff -u -r1.2.4.2 macros.h --- macros.h 6 May 2004 07:37:10 -0000 1.2.4.2 +++ macros.h 24 May 2006 09:29:51 -0000 @@ -25,10 +25,12 @@ #ifndef __MACROS_H #define __MACROS_H
-#define M_FACILITY 0 -#define M_LEVEL 10 -#define M_TAG 20 -#define M_PRI 21 +#define M_FACILITY 0 +#define M_FACILITY_NUM 1 +#define M_LEVEL 10 +#define M_LEVEL_NUM 11 +#define M_TAG 20 +#define M_PRI 21
#define M_DATE 30 #define M_FULLDATE 40
-- -------------------------------------------------- Jeremy M. Guthrie jeremy.guthrie@berbee.com Senior Network Engineer Phone: 608-298-1061 Berbee Fax: 608-288-3007 5520 Research Park Drive NOC: 608-298-1102 Madison, WI 53711
Something is not quite right. Here is what I tested with: logger -p user.emerg `date` emerg logger -p user.alert `date` alert logger -p user.crit `date` crit logger -p user.err `date` err logger -p user.warning `date` warning logger -p user.notice `date` notice logger -p user.info `date` info logger -p user.debug `date` debug Here is what Modular Syslog recorded to the database: TSyslog=# select facility,severity,host,message from tsyslog; facility | severity | host | message ----------+----------+-------+---------------------------------------------- 1 | 0 | plato | logger: Wed May 24 10:36:46 CDT 2006 emerg 1 | 1 | plato | logger: Wed May 24 10:36:46 CDT 2006 alert 1 | 2 | plato | logger: Wed May 24 10:36:46 CDT 2006 crit 1 | 3 | plato | logger: Wed May 24 10:36:46 CDT 2006 err 1 | 4 | plato | logger: Wed May 24 10:36:46 CDT 2006 warning 1 | 5 | plato | logger: Wed May 24 10:36:46 CDT 2006 notice 1 | 6 | plato | logger: Wed May 24 10:36:46 CDT 2006 info 1 | 7 | plato | logger: Wed May 24 10:36:46 CDT 2006 debug Here is what Syslog-NG wrote to a flat file: FACILITY: 1 SEVERITY: 1 MESSAGE: logger: Wed May 24 10:31:42 CDT 2006 emerg FACILITY: 1 SEVERITY: 2 MESSAGE: logger: Wed May 24 10:31:42 CDT 2006 alert FACILITY: 1 SEVERITY: 3 MESSAGE: logger: Wed May 24 10:31:42 CDT 2006 crit FACILITY: 1 SEVERITY: 4 MESSAGE: logger: Wed May 24 10:31:42 CDT 2006 err FACILITY: 1 SEVERITY: 5 MESSAGE: logger: Wed May 24 10:31:42 CDT 2006 warning FACILITY: 1 SEVERITY: 6 MESSAGE: logger: Wed May 24 10:31:42 CDT 2006 notice FACILITY: 1 SEVERITY: 0 MESSAGE: logger: Wed May 24 10:31:42 CDT 2006 info FACILITY: 1 SEVERITY: 1 MESSAGE: logger: Wed May 24 10:31:42 CDT 2006 debug On Wednesday 24 May 2006 04:32, Balazs Scheidler wrote:
On Tue, 2006-05-23 at 22:37 -0500, Jeremy M. Guthrie wrote:
I am in the process of trying to create a macro FAC / SEV to produce the two numeric values I need for facility / priority. I've been looking over the source code and I was going to model those macros off of M_LEVEL macro. I am using 1.6.10 at the moment.
When I check my changes.... my code doesn't seem to produce the desired results. ;)
Not sure if I am missing something relative to static unsigned char lengthtable[] & static struct macro_def wordlist[] ?
Am I missing something obvious? It also appears I may have broken other macros such as SEC, LEVEL, and a few others. Did I shift something relative to the lengthtable that might have hosed the program? It's been a while since I have coded much of anything in 'c'.
Attached patch should do what you wanted, can you test it please, before I commit it?
I've changed the macro names, to avoid introducing another term for severity.
macros-gperf.c is autogenerated using gperf that's why you broke the hash lookup algorithm by adding elements at random locations in that array.
Index: macros.c =================================================================== RCS file: /var/cvs/syslog-ng/syslog-ng/src/macros.c,v retrieving revision 1.4.4.8 diff -u -r1.4.4.8 macros.c --- macros.c 14 Feb 2006 10:05:51 -0000 1.4.4.8 +++ macros.c 24 May 2006 09:29:51 -0000 @@ -171,6 +171,10 @@ } break; } + case M_FACILITY_NUM: { + length = snprintf(*dest, *left, "%d", (msg->pri & LOG_FACMASK) >> 3); + break; + } case M_LEVEL: { /* level */ char *n = syslog_lookup_value(msg->pri & LOG_PRIMASK, sl_levels); @@ -184,6 +188,10 @@
break; } + case M_LEVEL_NUM: { + length = snprintf(*dest, *left, "%d", (msg->pri % LOG_PRIMASK)); + break; + } case M_TAG: { length = snprintf(*dest, *left, "%02x", msg->pri); break; Index: macros.gprf =================================================================== RCS file: /var/cvs/syslog-ng/syslog-ng/src/macros.gprf,v retrieving revision 1.1.4.2 diff -u -r1.1.4.2 macros.gprf --- macros.gprf 13 Dec 2004 18:17:58 -0000 1.1.4.2 +++ macros.gprf 24 May 2006 09:29:51 -0000 @@ -4,8 +4,10 @@ struct macro_def { char *name; int id; int len; }; %% FACILITY, M_FACILITY +FACILITY_NUM, M_FACILITY_NUM PRIORITY, M_LEVEL LEVEL, M_LEVEL +LEVEL_NUM, M_LEVEL_NUM TAG, M_TAG PRI, M_PRI DATE, M_DATE Index: macros.h =================================================================== RCS file: /var/cvs/syslog-ng/syslog-ng/src/macros.h,v retrieving revision 1.2.4.2 diff -u -r1.2.4.2 macros.h --- macros.h 6 May 2004 07:37:10 -0000 1.2.4.2 +++ macros.h 24 May 2006 09:29:51 -0000 @@ -25,10 +25,12 @@ #ifndef __MACROS_H #define __MACROS_H
-#define M_FACILITY 0 -#define M_LEVEL 10 -#define M_TAG 20 -#define M_PRI 21 +#define M_FACILITY 0 +#define M_FACILITY_NUM 1 +#define M_LEVEL 10 +#define M_LEVEL_NUM 11 +#define M_TAG 20 +#define M_PRI 21
#define M_DATE 30 #define M_FULLDATE 40
-- -------------------------------------------------- Jeremy M. Guthrie jeremy.guthrie@berbee.com Senior Network Engineer Phone: 608-298-1061 Berbee Fax: 608-288-3007 5520 Research Park Drive NOC: 608-298-1102 Madison, WI 53711
Not sure if this got missed, sorry for the repost. Something is not quite right, facility/priority in Syslog-NG does not appear to be lining up correctly. Here is what I tested with: logger -p user.emerg `date` emerg logger -p user.alert `date` alert logger -p user.crit `date` crit logger -p user.err `date` err logger -p user.warning `date` warning logger -p user.notice `date` notice logger -p user.info `date` info logger -p user.debug `date` debug Here is what Modular Syslog recorded to the database: TSyslog=# select facility,severity,host,message from tsyslog; facility | severity | host | message ----------+----------+-------+---------------------------------------------- 1 | 0 | plato | logger: Wed May 24 10:36:46 CDT 2006 emerg 1 | 1 | plato | logger: Wed May 24 10:36:46 CDT 2006 alert 1 | 2 | plato | logger: Wed May 24 10:36:46 CDT 2006 crit 1 | 3 | plato | logger: Wed May 24 10:36:46 CDT 2006 err 1 | 4 | plato | logger: Wed May 24 10:36:46 CDT 2006 warning 1 | 5 | plato | logger: Wed May 24 10:36:46 CDT 2006 notice 1 | 6 | plato | logger: Wed May 24 10:36:46 CDT 2006 info 1 | 7 | plato | logger: Wed May 24 10:36:46 CDT 2006 debug Here is what Syslog-NG wrote to a flat file: FACILITY: 1 SEVERITY: 1 MESSAGE: logger: Wed May 24 10:31:42 CDT 2006 emerg FACILITY: 1 SEVERITY: 2 MESSAGE: logger: Wed May 24 10:31:42 CDT 2006 alert FACILITY: 1 SEVERITY: 3 MESSAGE: logger: Wed May 24 10:31:42 CDT 2006 crit FACILITY: 1 SEVERITY: 4 MESSAGE: logger: Wed May 24 10:31:42 CDT 2006 err FACILITY: 1 SEVERITY: 5 MESSAGE: logger: Wed May 24 10:31:42 CDT 2006 warning FACILITY: 1 SEVERITY: 6 MESSAGE: logger: Wed May 24 10:31:42 CDT 2006 notice FACILITY: 1 SEVERITY: 0 MESSAGE: logger: Wed May 24 10:31:42 CDT 2006 info FACILITY: 1 SEVERITY: 1 MESSAGE: logger: Wed May 24 10:31:42 CDT 2006 debug On Wednesday 24 May 2006 04:32, Balazs Scheidler wrote:
On Tue, 2006-05-23 at 22:37 -0500, Jeremy M. Guthrie wrote:
I am in the process of trying to create a macro FAC / SEV to produce the two numeric values I need for facility / priority. I've been looking over the source code and I was going to model those macros off of M_LEVEL macro. I am using 1.6.10 at the moment.
When I check my changes.... my code doesn't seem to produce the desired results. ;)
Not sure if I am missing something relative to static unsigned char lengthtable[] & static struct macro_def wordlist[] ?
Am I missing something obvious? It also appears I may have broken other macros such as SEC, LEVEL, and a few others. Did I shift something relative to the lengthtable that might have hosed the program? It's been a while since I have coded much of anything in 'c'.
Attached patch should do what you wanted, can you test it please, before I commit it?
I've changed the macro names, to avoid introducing another term for severity.
macros-gperf.c is autogenerated using gperf that's why you broke the hash lookup algorithm by adding elements at random locations in that array.
Index: macros.c =================================================================== RCS file: /var/cvs/syslog-ng/syslog-ng/src/macros.c,v retrieving revision 1.4.4.8 diff -u -r1.4.4.8 macros.c --- macros.c 14 Feb 2006 10:05:51 -0000 1.4.4.8 +++ macros.c 24 May 2006 09:29:51 -0000 @@ -171,6 +171,10 @@ } break; } + case M_FACILITY_NUM: { + length = snprintf(*dest, *left, "%d", (msg->pri & LOG_FACMASK) >> 3); + break; + } case M_LEVEL: { /* level */ char *n = syslog_lookup_value(msg->pri & LOG_PRIMASK, sl_levels); @@ -184,6 +188,10 @@
break; } + case M_LEVEL_NUM: { + length = snprintf(*dest, *left, "%d", (msg->pri % LOG_PRIMASK)); + break; + } case M_TAG: { length = snprintf(*dest, *left, "%02x", msg->pri); break; Index: macros.gprf =================================================================== RCS file: /var/cvs/syslog-ng/syslog-ng/src/macros.gprf,v retrieving revision 1.1.4.2 diff -u -r1.1.4.2 macros.gprf --- macros.gprf 13 Dec 2004 18:17:58 -0000 1.1.4.2 +++ macros.gprf 24 May 2006 09:29:51 -0000 @@ -4,8 +4,10 @@ struct macro_def { char *name; int id; int len; }; %% FACILITY, M_FACILITY +FACILITY_NUM, M_FACILITY_NUM PRIORITY, M_LEVEL LEVEL, M_LEVEL +LEVEL_NUM, M_LEVEL_NUM TAG, M_TAG PRI, M_PRI DATE, M_DATE Index: macros.h =================================================================== RCS file: /var/cvs/syslog-ng/syslog-ng/src/macros.h,v retrieving revision 1.2.4.2 diff -u -r1.2.4.2 macros.h --- macros.h 6 May 2004 07:37:10 -0000 1.2.4.2 +++ macros.h 24 May 2006 09:29:51 -0000 @@ -25,10 +25,12 @@ #ifndef __MACROS_H #define __MACROS_H
-#define M_FACILITY 0 -#define M_LEVEL 10 -#define M_TAG 20 -#define M_PRI 21 +#define M_FACILITY 0 +#define M_FACILITY_NUM 1 +#define M_LEVEL 10 +#define M_LEVEL_NUM 11 +#define M_TAG 20 +#define M_PRI 21
#define M_DATE 30 #define M_FULLDATE 40
-- -------------------------------------------------- Jeremy M. Guthrie jeremy.guthrie@berbee.com Senior Network Engineer Phone: 608-298-1061 Berbee Fax: 608-288-3007 5520 Research Park Drive NOC: 608-298-1102 Madison, WI 53711
I made a change to the priority decode you sent me. This made it work just fine. case M_LEVEL_NUM: { /* length = snprintf(*dest, *left, "%d", (msg->pri % LOG_PRIMASK)); */ length = snprintf(*dest, *left, "%d", (msg->pri % 8)); break; } I tested across facilities and those worked fine. Before: 13:09:41 plato.berbee.com FACILITY: 1 - user PRIORITY: 1 - emerg MESSAGE: logger: Fri May 26 13:09:41 CDT 2006 emerg 13:09:41 plato.berbee.com FACILITY: 1 - user PRIORITY: 2 - alert MESSAGE: logger: Fri May 26 13:09:41 CDT 2006 alert 13:09:41 plato.berbee.com FACILITY: 1 - user PRIORITY: 3 - crit MESSAGE: logger: Fri May 26 13:09:41 CDT 2006 crit 13:09:41 plato.berbee.com FACILITY: 1 - user PRIORITY: 4 - err MESSAGE: logger: Fri May 26 13:09:41 CDT 2006 err 13:09:41 plato.berbee.com FACILITY: 1 - user PRIORITY: 5 - warning MESSAGE: logger: Fri May 26 13:09:41 CDT 2006 warning 13:09:41 plato.berbee.com FACILITY: 1 - user PRIORITY: 6 - notice MESSAGE: logger: Fri May 26 13:09:41 CDT 2006 notice 13:09:41 plato.berbee.com FACILITY: 1 - user PRIORITY: 0 - info MESSAGE: logger: Fri May 26 13:09:41 CDT 2006 info 13:09:41 plato.berbee.com FACILITY: 1 - user PRIORITY: 1 - debug MESSAGE: logger: Fri May 26 13:09:41 CDT 2006 debug After: 13:11:18 plato.berbee.com FACILITY: 1 - user PRIORITY: 0 - emerg MESSAGE: logger: Fri May 26 13:11:18 CDT 2006 emerg 13:11:18 plato.berbee.com FACILITY: 1 - user PRIORITY: 1 - alert MESSAGE: logger: Fri May 26 13:11:18 CDT 2006 alert 13:11:18 plato.berbee.com FACILITY: 1 - user PRIORITY: 2 - crit MESSAGE: logger: Fri May 26 13:11:18 CDT 2006 crit 13:11:18 plato.berbee.com FACILITY: 1 - user PRIORITY: 3 - err MESSAGE: logger: Fri May 26 13:11:18 CDT 2006 err 13:11:18 plato.berbee.com FACILITY: 1 - user PRIORITY: 4 - warning MESSAGE: logger: Fri May 26 13:11:18 CDT 2006 warning 13:11:18 plato.berbee.com FACILITY: 1 - user PRIORITY: 5 - notice MESSAGE: logger: Fri May 26 13:11:18 CDT 2006 notice 13:11:18 plato.berbee.com FACILITY: 1 - user PRIORITY: 6 - info MESSAGE: logger: Fri May 26 13:11:18 CDT 2006 info 13:11:18 plato.berbee.com FACILITY: 1 - user PRIORITY: 7 - debug MESSAGE: logger: Fri May 26 13:11:18 CDT 2006 debug On Wednesday 24 May 2006 04:32, Balazs Scheidler wrote:
On Tue, 2006-05-23 at 22:37 -0500, Jeremy M. Guthrie wrote:
I am in the process of trying to create a macro FAC / SEV to produce the two numeric values I need for facility / priority. I've been looking over the source code and I was going to model those macros off of M_LEVEL macro. I am using 1.6.10 at the moment.
When I check my changes.... my code doesn't seem to produce the desired results. ;)
Not sure if I am missing something relative to static unsigned char lengthtable[] & static struct macro_def wordlist[] ?
Am I missing something obvious? It also appears I may have broken other macros such as SEC, LEVEL, and a few others. Did I shift something relative to the lengthtable that might have hosed the program? It's been a while since I have coded much of anything in 'c'.
Attached patch should do what you wanted, can you test it please, before I commit it?
I've changed the macro names, to avoid introducing another term for severity.
macros-gperf.c is autogenerated using gperf that's why you broke the hash lookup algorithm by adding elements at random locations in that array.
Index: macros.c =================================================================== RCS file: /var/cvs/syslog-ng/syslog-ng/src/macros.c,v retrieving revision 1.4.4.8 diff -u -r1.4.4.8 macros.c --- macros.c 14 Feb 2006 10:05:51 -0000 1.4.4.8 +++ macros.c 24 May 2006 09:29:51 -0000 @@ -171,6 +171,10 @@ } break; } + case M_FACILITY_NUM: { + length = snprintf(*dest, *left, "%d", (msg->pri & LOG_FACMASK) >> 3); + break; + } case M_LEVEL: { /* level */ char *n = syslog_lookup_value(msg->pri & LOG_PRIMASK, sl_levels); @@ -184,6 +188,10 @@
break; } + case M_LEVEL_NUM: { + length = snprintf(*dest, *left, "%d", (msg->pri % LOG_PRIMASK)); + break; + } case M_TAG: { length = snprintf(*dest, *left, "%02x", msg->pri); break; Index: macros.gprf =================================================================== RCS file: /var/cvs/syslog-ng/syslog-ng/src/macros.gprf,v retrieving revision 1.1.4.2 diff -u -r1.1.4.2 macros.gprf --- macros.gprf 13 Dec 2004 18:17:58 -0000 1.1.4.2 +++ macros.gprf 24 May 2006 09:29:51 -0000 @@ -4,8 +4,10 @@ struct macro_def { char *name; int id; int len; }; %% FACILITY, M_FACILITY +FACILITY_NUM, M_FACILITY_NUM PRIORITY, M_LEVEL LEVEL, M_LEVEL +LEVEL_NUM, M_LEVEL_NUM TAG, M_TAG PRI, M_PRI DATE, M_DATE Index: macros.h =================================================================== RCS file: /var/cvs/syslog-ng/syslog-ng/src/macros.h,v retrieving revision 1.2.4.2 diff -u -r1.2.4.2 macros.h --- macros.h 6 May 2004 07:37:10 -0000 1.2.4.2 +++ macros.h 24 May 2006 09:29:51 -0000 @@ -25,10 +25,12 @@ #ifndef __MACROS_H #define __MACROS_H
-#define M_FACILITY 0 -#define M_LEVEL 10 -#define M_TAG 20 -#define M_PRI 21 +#define M_FACILITY 0 +#define M_FACILITY_NUM 1 +#define M_LEVEL 10 +#define M_LEVEL_NUM 11 +#define M_TAG 20 +#define M_PRI 21
#define M_DATE 30 #define M_FULLDATE 40
-- -------------------------------------------------- Jeremy M. Guthrie jeremy.guthrie@berbee.com Senior Network Engineer Phone: 608-298-1061 Berbee Fax: 608-288-3007 5520 Research Park Drive NOC: 608-298-1102 Madison, WI 53711
participants (3)
-
Balazs Scheidler
-
Jeremy M. Guthrie
-
Robert Gahl