Filtering out multiple entries in log files due to different level
I just started testing syslog-ng in our environment a few days ago. I've been able to do what I want for the most part, but the one thing that I'm stuck on (and it's probably a stupid admin trick I've missed) is to remove multiple entries from a log file due to level reporting.

The necessary bit of background: Solaris 8 10/01 on both the client and server. The config file is:

---------------------------------------------------------------------
options {
    sync(0);
    time_reopen(10);
    log_fifo_size(100);
    keep_hostname (no);
    chain_hostnames (no);
    create_dirs (yes);
};

source net { udp (); };

destination all_by_host-facility {
    file ("/var/logs/$HOST/$FACILITY/$YEAR/$HOST.$FACILITY.$YEAR.$MONTH.log");
};

destination all_by_facility {
    file ("/var/logs/$FACILITY/$YEAR/$MONTH/$FACILITY.$LEVEL.$YEAR.$MONTH.log");
};

log {
    source(net);
    destination(all_by_host-facility);
    destination(all_by_facility);
};
---------------------------------------------------------------------

I get the logs to split out by hostname year etc. but I get multiple entries in a log file the higher the level. The idea was to log a facility per file so I expected a single entry in the log file which I guess was a wrong assumption.

Is there a way to stop the following from happening:

client> logger -p auth.emerg EMERG

server> tail <log>
Apr 1 18:20:00 cdm010 nickc: [ID 702911 auth.emerg] EMERG
Apr 1 18:20:00 cdm010 nickc: [ID 702911 auth.emerg] EMERG
Apr 1 18:20:00 cdm010 nickc: [ID 702911 auth.emerg] EMERG
Apr 1 18:20:00 cdm010 nickc: [ID 702911 auth.emerg] EMERG
Apr 1 18:20:00 cdm010 nickc: [ID 702911 auth.emerg] EMERG
Apr 1 18:20:00 cdm010 nickc: [ID 702911 auth.emerg] EMERG
Apr 1 18:20:00 cdm010 nickc: [ID 702911 auth.emerg] EMERG
Apr 1 18:20:00 cdm010 nickc: [ID 702911 auth.emerg] EMERG

and replace it with a single line of:

Apr 1 18:20:00 cdm010 nickc: [ID 702911 auth.emerg] EMERG

Is it even a syslog-ng config question? Maybe it's an OS question.
TIA
Nick

-------------------------------+------------------+-------------------
Nick Chondropoulos             | Schlumberger     | ZHTW H ELLAS
Senior UNIX Systems Manager    | 525 3rd Ave S.W. |
nickc@calgary.geoquest.slb.com | Calgary, AB      | If it's not
P) 403-509-4000                | CANADA           | dedicated hardware
F) 403-509-4170                | T2P 0G4          | it's crap!
-------------------------------+------------------+-------------------
QUOMODO ARDUUM ESSE POSSIT
On Tue, Apr 02, 2002 at 01:21:35PM -0700, Nick Chondropoulos wrote:
> I get the logs to split out by hostname year etc. but I get multiple entries in a log file the higher the level. The idea was to log a facility per file so I expected a single entry in the log file which I guess was a wrong assumption.
I don't understand you exactly. Higher priority messages are sent multiple times?
> Is there a way to stop the following from happening:
>
> client> logger -p auth.emerg EMERG
>
> server> tail <log>
> Apr 1 18:20:00 cdm010 nickc: [ID 702911 auth.emerg] EMERG
> Apr 1 18:20:00 cdm010 nickc: [ID 702911 auth.emerg] EMERG
> Apr 1 18:20:00 cdm010 nickc: [ID 702911 auth.emerg] EMERG
> Apr 1 18:20:00 cdm010 nickc: [ID 702911 auth.emerg] EMERG
> Apr 1 18:20:00 cdm010 nickc: [ID 702911 auth.emerg] EMERG
> Apr 1 18:20:00 cdm010 nickc: [ID 702911 auth.emerg] EMERG
> Apr 1 18:20:00 cdm010 nickc: [ID 702911 auth.emerg] EMERG
> Apr 1 18:20:00 cdm010 nickc: [ID 702911 auth.emerg] EMERG
>
> and replace it with a single line of:
>
> Apr 1 18:20:00 cdm010 nickc: [ID 702911 auth.emerg] EMERG
syslog-ng prints as many messages as it receives, no message aggregation is done (e.g. last message repeated NN times). And syslog-ng sends messages to all matching destinations.

--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
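
Added example, not part of the original thread and not syslog-ng code: since syslog-ng writes every message it receives, repeats can instead be collapsed when the file is read, in the "last message repeated N times" style mentioned in the reply. The function name, the prefix regex and the second sample line are assumptions made for this illustration.

```python
import re
from itertools import groupby

# Timestamp and host at the start of a BSD-style syslog line,
# e.g. "Apr 1 18:20:00 cdm010 ...".
PREFIX = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s\d\d:\d\d:\d\d)\s(?P<host>\S+)\s"
)


def collapse_repeats(lines):
    """Collapse runs of consecutive identical lines.

    Each run is emitted as its first line followed, when the run is longer
    than one line, by a "last message repeated N times" summary. Nothing is
    reordered and non-adjacent duplicates are kept, so events interleaved
    from other hosts stay visible.
    """
    out = []
    for line, run in groupby(raw.rstrip("\n") for raw in lines):
        count = sum(1 for _ in run)
        out.append(line)
        if count > 1:
            m = PREFIX.match(line)
            # Lines without a recognisable prefix still get a summary.
            prefix = f"{m['ts']} {m['host']} " if m else ""
            unit = "time" if count == 2 else "times"
            out.append(f"{prefix}last message repeated {count - 1} {unit}")
    return out


# Constructed sample: the eight identical lines from the post, followed by
# one made-up line from a hypothetical second host.
SAMPLE = ["Apr 1 18:20:00 cdm010 nickc: [ID 702911 auth.emerg] EMERG"] * 8 + [
    "Apr 1 18:20:05 cdm011 sshd: [ID 800047 auth.info] example",
]

if __name__ == "__main__":
    print("\n".join(collapse_repeats(SAMPLE)))
```

This only changes how the log is viewed; the file written by syslog-ng stays the complete record, which matters if the repeats themselves are evidence of a misconfigured or noisy sender.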
Participants (2): Balazs Scheidler, Nick Chondropoulos