[syslog-ng] message numbers

John B Batzel batzel@central.cis.upenn.edu
Fri, 25 Feb 2000 07:51:44 -0500 

On Fri, Feb 25, 2000 at 01:14:02PM +0100, Balazs Scheidler wrote:

> > I'm sure this is an FAQ, but how can I make it include message numbers?
...
> 
> what is this message number? A serial number?

I don't know when this got added to Solaris. It exists in Solaris 7, at
least, though I hadn't heard of it until it crossed this list. And I
doubt it's anywhere near an FAQ. :)

msgid's in Solaris's syslog is apparently a simple hash of the logged
message. I'm not honestly sure what it's good for -- the same string
always hashes to the same ID number, so I guess it's for easier scanning
for specific log messages. I never had any problems with egrep, so I
still don't see the point. :)

I *do* like the ability to see what facility.priority the log entry was
labeled as, and I *really* like being able to see what kernel module
provided the log entry rather than 'unix'. It'll probably help me track
down some obscure kernel-generated messages. I don't see any mention of
msgid's in man -s3 syslog, so I don't know what it's doing differently
in the function calls.

>From 'man syslogd':

     If message ID generation is enabled (see log(7d)), each mes-
     sage will be preceded by an identifier in the following for-
     mat: [ID msgid facility.priority]. msgid  is  the  message's
     numeric  identifier  described  in  msgid(1M).  facility and
     priority  are  described  in  syslog.conf(4).   [ID   123456
     kern.notice]  is an example of an identifier when message ID
     generation is enabled.

     If the message originated in a  loadable  kernel  module  or
     driver,  the kernel module's name (for example, ufs) will be
     displayed instead of unix. See EXAMPLES  for  sample  output
     from   syslogd   with  and  without  message  ID  generation
     enabled.

     In an effort to reduce visual clutter, message IDs  are  not
     displayed  when writing to the console; message IDs are only
     written to the log file. See EXAMPLES.

...
EXAMPLES
     Example 1: syslogd  output  without  message  ID  generation
     enabled

     The following example shows the output  from  syslogd   when
     message ID generation is not enabled:

      Sep 29 21:41:18 cathy unix: alloc /: file system full


     Example 2:  syslogd output with ID generation  enabled  when
     writing to log file /var/adm/messages

     The following example shows the output  from  syslogd   when
     message  ID generation is enabled. Note that  the message ID
     is displayed when writing to log file/var/adm/messages.

      Sep 29 21:41:18 cathy ufs: [ID 845546 kern.notice] alloc /: file system full


     Example 3:  syslogd output with ID generation  enabled  when
     writing to the console

     The following example shows the output  from  syslogd   when
     message  ID  generation  is enabled when writing to the con-
     sole. Note that even though message ID is enabled, the  mes-
     sage ID is not displayed at the console.

      Sep 29 21:41:18 cathy ufs: alloc /: file system full
...
----------------------------------------------------------------------

'man msgid' says:

     A message ID is a numeric identifier that, with a high  pro-
     bability,  uniquely identifies a message. The probability of
     two distinct messages having the same ID is about one  in  a
     million. Specifically, the message ID is a hash signature on
     the  message's  unexpanded  format  string,   generated   by
     STRLOG_MAKE_MSGID() as defined in <sys/strlog.h>.

     syslogd(1M) is a simple filter that takes strings  as  input
     and  produces  those same strings, preceded by their message
     IDs, as output. Every message logged by syslogd(1M) includes
     the  message  ID.  The  message ID is intended to serve as a
     small, language-independent identifier.

----------------------------------------------------------------------

I think that last man page has some problems and probably means 'msgid'
rather than syslogd at the start of the last paragraph. For instance,

echo "test" | msgid
returns
229106 test
and 'echo "test2" | msgid
returns
880108 test2


And from 'man -s7d log':

  Driver Configuration
     The following driver configuration properties may be defined
     in the log.conf file.

     msgid     If msgid=1, each message will  be  preceded  by  a
               message   ID  as  described  in  syslogd(1M).   If
               msgid=0, message IDs will not be  generated.  This
               property  is  Unstable  and  may  be  removed in a
               future release.
----------------------------------------------------------------------

HTH.

JBB