logging facility in log file
Hi, ALL I am using syslog-ng to do remote logging for facility of "local6" and priority of "warn", the log server is Linux system(SLES10 SP1), it works well with the message content, only one problem is the keyword of "local6" is not logged in the log file, please see the details below: on c890mgrs4(Linux) Jun 25 20:53:34 c890f12ec07 root: sunjing test 1 Jun 25 20:53:38 c890f12ec07 root: sunjing test 2 I did the same thing on AIX log server, while it could log the keyword of "local6" in log file: on c890mgrs3(AIX) Jun 25 20:53:34 c890f12ec07 local6:warn|warning c890f12ec07 root: sunjing test 1 Jun 25 20:53:38 c890f12ec07 local6:warn|warning c890f12ec07 root: sunjing test 2 So I am guessing that I did not enable this facility logging in syslog-ng, maybe syslog-ng has a certain configuration that could let the "facility" logged in message file, am I right? or could you point me to the correct method? I need this "facility" information to develop my applications. Thank you. Best Regards, ----------------------------- Sun Jing(孙靖) IBM China Software Development Laboratory Tel: (86-10) 82453625 E-mail: sjing@cn.ibm.com Address:5F Deshi Building No.9 Shangdi East Road Haidian District,Beijing City P.R.China 100085, P.R.China.
Hi,
I am using syslog-ng to do remote logging for facility of "local6" and priority of "warn", the log server is Linux system(SLES10 SP1), it works well with the message content, only one problem is the keyword of "local6" is not logged in the log file, please see the details below: on c890mgrs4(Linux) Jun 25 20:53:34 c890f12ec07 root: sunjing test 1 Jun 25 20:53:38 c890f12ec07 root: sunjing test 2
I did the same thing on AIX log server, while it could log the keyword of "local6" in log file: on c890mgrs3(AIX) Jun 25 20:53:34 c890f12ec07 local6:warn|warning c890f12ec07 root: sunjing test 1 Jun 25 20:53:38 c890f12ec07 local6:warn|warning c890f12ec07 root: sunjing test 2
So I am guessing that I did not enable this facility logging in syslog-ng, maybe syslog-ng has a certain configuration that could let the "facility" logged in message file, am I right? or could you point me to the correct method? I need this "facility" information to develop my applications.
There are macros which you could use (FACILITY, PRIORITY). Simply add a template containing these to the destination section(s). You should check the reference documentation about templates and macros. Regards, Sandor -------------------------------------------------------- NOTICE: If received in error, please destroy and notify sender. Sender does not intend to waive confidentiality or privilege. Use of this email is prohibited when received in error.
Thank you, Sandor. I have read the syslog-ng documentation, and only found a FACILITY and PRIORITY sample in it, such as: destination hosts { file("/var/log/syslogs/$HOST/$FACILITY" owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes));}; but my purpose is not to log these message into a file named as FACILITY, but to include this FACILITY in my log files, for example: Jun 25 20:53:34 c890f12ec07 local6:warn|warning c890f12ec07 root: sunjing test 1 "local6:warn" is what I wanted in the log file....could you help? "Geller, Sandor \(IT\)" <Sandor.Geller@mo To rganstanley.com> "'Syslog-ng users' and developers' Sent by: mailing list'" syslog-ng-bounces <syslog-ng@lists.balabit.hu> @lists.balabit.hu cc Subject 2008-06-30 18:11 Re: [syslog-ng] logging facility in log file Please respond to "Syslog-ng users' and developers' mailing list" <syslog-ng@lists. balabit.hu> Hi,
I am using syslog-ng to do remote logging for facility of "local6" and priority of "warn", the log server is Linux system(SLES10 SP1), it works well with the message content, only one problem is the keyword of "local6" is not logged in the log file, please see the details below: on c890mgrs4(Linux) Jun 25 20:53:34 c890f12ec07 root: sunjing test 1 Jun 25 20:53:38 c890f12ec07 root: sunjing test 2
I did the same thing on AIX log server, while it could log the keyword of "local6" in log file: on c890mgrs3(AIX) Jun 25 20:53:34 c890f12ec07 local6:warn|warning c890f12ec07 root: sunjing test 1 Jun 25 20:53:38 c890f12ec07 local6:warn|warning c890f12ec07 root: sunjing test 2
So I am guessing that I did not enable this facility logging in syslog-ng, maybe syslog-ng has a certain configuration that could let the "facility" logged in message file, am I right? or could you point me to the correct method? I need this "facility" information to develop my applications.
There are macros which you could use (FACILITY, PRIORITY). Simply add a template containing these to the destination section(s). You should check the reference documentation about templates and macros. Regards, Sandor -------------------------------------------------------- NOTICE: If received in error, please destroy and notify sender. Sender does not intend to waive confidentiality or privilege. Use of this email is prohibited when received in error. ______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html
Hi,
Thank you, Sandor.
I have read the syslog-ng documentation, and only found a FACILITY and PRIORITY sample in it, such as: destination hosts { file("/var/log/syslogs/$HOST/$FACILITY" owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes));};
but my purpose is not to log these message into a file named as FACILITY, but to include this FACILITY in my log files, for example: Jun 25 20:53:34 c890f12ec07 local6:warn|warning c890f12ec07 root: sunjing test 1
"local6:warn" is what I wanted in the log file....could you help?
Sorry, I forgot that the doc doesn't provide too much details about macro usage. You can use these macros in templates too, for example: destination d_something { file( "/var/log/something" template("$ISODATE $FACILITY:$PRIORITY $MSG\n"; ); }; Regards, Sandor -------------------------------------------------------- NOTICE: If received in error, please destroy and notify sender. Sender does not intend to waive confidentiality or privilege. Use of this email is prohibited when received in error.
Thank you so much, Sandor. I will try this method today, and let you know the result.. By the way, is there any material about the usage of macros in templates, that's very helpful for us to use the syslog-ng tool. "Geller, Sandor \(IT\)" <Sandor.Geller@mo To rganstanley.com> "'Syslog-ng users' and developers' Sent by: mailing list'" syslog-ng-bounces <syslog-ng@lists.balabit.hu> @lists.balabit.hu cc Subject 2008-06-30 23:41 Re: [syslog-ng] logging facility in log file Please respond to "Syslog-ng users' and developers' mailing list" <syslog-ng@lists. balabit.hu> Hi,
Thank you, Sandor.
I have read the syslog-ng documentation, and only found a FACILITY and PRIORITY sample in it, such as: destination hosts { file("/var/log/syslogs/$HOST/$FACILITY" owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes));};
but my purpose is not to log these message into a file named as FACILITY, but to include this FACILITY in my log files, for example: Jun 25 20:53:34 c890f12ec07 local6:warn|warning c890f12ec07 root: sunjing test 1
"local6:warn" is what I wanted in the log file....could you help?
Sorry, I forgot that the doc doesn't provide too much details about macro usage. You can use these macros in templates too, for example: destination d_something { file( "/var/log/something" template("$ISODATE $FACILITY:$PRIORITY $MSG\n"; ); }; Regards, Sandor -------------------------------------------------------- NOTICE: If received in error, please destroy and notify sender. Sender does not intend to waive confidentiality or privilege. Use of this email is prohibited when received in error. ______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html
On Mon, 2008-06-30 at 23:59 +0800, Jing CDL Sun wrote:
Thank you so much, Sandor.
I will try this method today, and let you know the result..
By the way, is there any material about the usage of macros in templates, that's very helpful for us to use the syslog-ng tool.
The documentation team is eager to hear feedback about syslog-ng documentation. I've Cced them on this mail. -- Bazsi
What you're after is in chapter 3 section 7 of the administrator guide. http://www.balabit.com/dl/html/syslog-ng-admin-guide_en.html/ch03s07.html Following the example to add the facility and level to log messages written to /var/log/messages the configuration would look something like this destination d_file { file("/var/log/messages" template("$FACILITY:$PRIORITY $MSG\n"; template_escape(no))); };
Jing CDL Sun <sjing@cn.ibm.com> 07/01/08 3:31 AM >>>
Thank you, Sandor. I have read the syslog-ng documentation, and only found a FACILITY and PRIORITY sample in it, such as: destination hosts { file("/var/log/syslogs/$HOST/$FACILITY" owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes));}; but my purpose is not to log these message into a file named as FACILITY, but to include this FACILITY in my log files, for example: Jun 25 20:53:34 c890f12ec07 local6:warn|warning c890f12ec07 root: sunjing test 1 "local6:warn" is what I wanted in the log file....could you help? "Geller, Sandor \(IT\)" <Sandor.Geller@mo To rganstanley.com> "'Syslog-ng users' and developers' Sent by: mailing list'" syslog-ng-bounces <syslog-ng@lists.balabit.hu> @lists.balabit.hu cc Subject 2008-06-30 18:11 Re: [syslog-ng] logging facility in log file Please respond to "Syslog-ng users' and developers' mailing list" <syslog-ng@lists. balabit.hu> Hi,
I am using syslog-ng to do remote logging for facility of "local6" and priority of "warn", the log server is Linux system(SLES10 SP1), it works well with the message content, only one problem is the keyword of "local6" is not logged in the log file, please see the details below: on c890mgrs4(Linux) Jun 25 20:53:34 c890f12ec07 root: sunjing test 1 Jun 25 20:53:38 c890f12ec07 root: sunjing test 2
I did the same thing on AIX log server, while it could log the keyword of "local6" in log file: on c890mgrs3(AIX) Jun 25 20:53:34 c890f12ec07 local6:warn|warning c890f12ec07 root: sunjing test 1 Jun 25 20:53:38 c890f12ec07 local6:warn|warning c890f12ec07 root: sunjing test 2
So I am guessing that I did not enable this facility logging in syslog-ng, maybe syslog-ng has a certain configuration that could let the "facility" logged in message file, am I right? or could you point me to the correct method? I need this "facility" information to develop my applications.
There are macros which you could use (FACILITY, PRIORITY). Simply add a template containing these to the destination section(s). You should check the reference documentation about templates and macros. Regards, Sandor -------------------------------------------------------- NOTICE: If received in error, please destroy and notify sender. Sender does not intend to waive confidentiality or privilege. Use of this email is prohibited when received in error. ______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html
participants (4)
-
Balazs Scheidler
-
chris packham
-
Geller, Sandor (IT)
-
Jing CDL Sun