Ok, I'm using the tail | logger thing and it sort of works. But there is a problem: date/time. I get entries like this in mysql: (long line below, sorry) 714 machine local4 info 2001-12-31 00:00:00 apache: 127.0.0.1 - - [07/Oct/2002:17:43:41 -0300] "POST /syslog/results.php HTTP/1.1" 200 700 Of course, only the date/time of the entry itself (msg field) is correct. Logger doesn't seem to add date/time info to the logs it sends. Any clever way around this? Is this a logger bug?
On Tue, Oct 08, 2002 at 10:41:37AM -0300, Andreas Hasenack wrote:
Ok, I'm using the tail | logger thing and it sort of works. But there is a problem: date/time. I get entries like this in mysql:
(long line below, sorry)
714 machine local4 info 2001-12-31 00:00:00 apache: 127.0.0.1 - - [07/Oct/2002:17:43:41 -0300] "POST /syslog/results.php HTTP/1.1" 200 700
Of course, only the date/time of the entry itself (msg field) is correct. Logger doesn't seem to add date/time info to the logs it sends. Any clever way around this?
Is this a logger bug?
I assume you are using templates to format the time field above (2001-12-31), try using 1) use_time_recvd(), or 2) the time macros beginning with R_ (meaning received stamp), e.g. template("$R_YEAR:$R_MONTH:$R_DAY\n"); this inserts the date the message was received instead of the stamp in the message itself. I'd be curious how 2001-12-31 was generated. If no timestamp is included in the message, syslog-ng substitutes the current date (same as received stamp) -- Bazsi PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
Em Tue, Oct 08, 2002 at 03:53:18PM +0200, Balazs Scheidler escreveu:
I assume you are using templates to format the time field above (2001-12-31), try using
Yes, I'm using: template("INSERT INTO logs (host, facility, priority, level, tag, date, time, program, msg) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n") template-escape(yes));
message itself. I'd be curious how 2001-12-31 was generated. If no timestamp is included in the message, syslog-ng substitutes the current date (same as received stamp)
BTW, this is syslog-ng-1.5.21 with libol-0.3.3. I'll play with logger a bit more, the first impression I got now was that this behaviour only occurs when I pipe messages to logger, and not when putting the message on the command line.
Em Tue, Oct 08, 2002 at 11:01:42AM -0300, Andreas Hasenack escreveu:
BTW, this is syslog-ng-1.5.21 with libol-0.3.3. I'll play with logger a bit more, the first impression I got now was that this behaviour only occurs when I pipe messages to logger, and not when putting the message on the command line.
Hmm, check this out: # logger -p local7.info -t test "hi mom, it's `date`" I get in the logs: Out 8 12:01:17 pandora test: hi mom, it's Ter Out 8 12:01:17 BRT 2002 In another log file, where I'm using a test template, I get: program=test year=2001, month=12, day=31, hour=00, min=00, sec=00 The template for the entry above is: destination d_test { file("/var/log/test" template("program=$PROGRAM year=$YEAR, month=$MONTH, day=$DAY, hour=$HOUR, min=$MIN, sec=$SEC\n") template-escape(yes)); }; And SQL gets: 3822 pandora local7 info 2001-12-31 00:00:00 test: hi mom, it's Ter Out 8 12:01:17 BRT 2002 Hmm...
participants (2)
-
Andreas Hasenack
-
Balazs Scheidler