[syslog-ng]Feature Request

Andrew Fort afort@staff.webcentral.com.au
Wed, 28 Mar 2001 09:23:35 +1000


> Next thing to ask for is a feature request that would make our use of
> syslog infinitely more flexible: a string formatter module.  Take this
> hypothetical syslog-ng.conf entry as an example:

the 1.5 development releases allow you to specify what fields go to the
output for some destinations.  i've attached a previous post of mine with
the field list inside, and quoting Balazs' original feature announcement.
you may be able to use this in conjunction with other facilities, a log
watcher, the program destination, whatever, to achieve your goal.

-afort



Message-ID: <415DD4BF903BD311A3D900A0C99F902206BB8AA5@bnc.webcentral.com.au>
From: Andrew Fort <afort@staff.webcentral.com.au>
Reply-To: syslog-ng@lists.balabit.hu
To: "'syslog-ng@lists.balabit.hu'" <syslog-ng@lists.balabit.hu>
Subject: RE: [syslog-ng]syslog-ng 1.5.3 released
Date: Fri, 19 Jan 2001 23:41:24 +1000

> Hi,
>
> syslog-ng 1.5.3 released which adds support for user definable log file
> formats. Here's how to use it:
>
> destination my_file {
> 	file("/var/log/messages" template("$ISODATE $TAG $FULLHOST $MESSAGE"));
> };
>
> Documentation is not updated, for a list of available macros check out
> affile.c, expand_macros() function. I'd appreciate some testing, because I
> won't have too much time to do it myself.

Here's a list of the macros and an example of their output, in the following
format

$MACRO_NAME
description/type
example


$FACILITY
syslog facility name
daemon

$PRIORITY
the syslog priority name
debug

$LEVEL ; same output as $PRIORITY

$TAG
Hex representation of the 32-bit priority/facility pair (see
/usr/include/sys/syslog.h)
1f

(1f is the output for "daemon/debug" as above)

$DATE
The local system time
Jan 19 23:27:21

$FULLDATE
Same as $DATE but with %Y appended,
2001 Jan 19 23:27:21

$ISODATE
ISO-standard format date (strftime format "%Y-%m-%dT%H:%M:%S%z")
2001-01-19T23:27:21+1000

$YEAR
4-digit year string
2001

$MONTH
2-digit month string
01

$DAY
2-digit day string
19

$HOUR
2-digit hour string
23

$MIN
2-digit minutes string
27

$SEC
2-digit seconds string
21

$HOST
host string; not sure how to decode this function, in my example it's the
same as fullhost (?)
avrio

$FULLHOST
"full hostname" (msg->host->data)
avrio

$PROGRAM
If syslog-ng has pulled a 'program name' out of the message, this will
return that
qpage

$MSG || $MESSAGE
The full syslog message
qpage[9366]: processing the page queue

Balazs forgot one thing - you'll also need to include a "\n" at the end of
your template directive if you want to make your output readable :)

e.g.

 destination my_file {
 	file("/var/log/messages" template("$ISODATE $TAG $FULLHOST $MESSAGE\n"));
 };

Balazs, my test config was:

destination d_format_test {
	file("/var/log/test" template("$FACILITY $PRIORITY $LEVEL $TAG $DATE $FULLDATE $ISODATE $YEAR $MONTH $DAY $HOUR $MIN $SEC $HOST $FULLHOST $PROGRAM $MSG\n"));
};

log { source(s_sys); filter(DEFAULT); destination(d_format_test); };

the output used in the examples above is

daemon debug debug 1f Jan 19 23:27:21 2001 Jan 19 23:27:21 2001-01-19T23:27:21+1000 2001 01 19 23 27 21 avrio avrio qpage qpage[9366]: processing the page queue

seems to work okay with the \n.

Thanks Balazs, now I can use the clock on my ciscos for the log messages,
again!

-afort
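
For anyone consuming files written with the `$ISODATE $TAG $FULLHOST $MESSAGE\n` template shown above, here is an added example (not code from this post or from syslog-ng) that parses such a line and decodes `$TAG` back into facility and priority names. It assumes `$TAG` is the usual `(facility << 3) | severity` value from `sys/syslog.h`, which matches the post's `1f` for daemon/debug; the function names and the `facilityN` labels for codes 12-15 are hypothetical.

```python
from datetime import datetime

# Names as in the standard <sys/syslog.h> tables; codes 12-15 have no
# portable name there, so they get placeholder labels (an assumption).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr",
              "news", "uucp", "cron", "authpriv", "ftp"]
FACILITIES += [f"facility{n}" for n in range(12, 16)]
FACILITIES += [f"local{n}" for n in range(8)]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice",
              "info", "debug"]


def decode_tag(tag):
    """Split a hex $TAG value into (facility, priority) names."""
    pri = int(tag, 16)          # raises ValueError on non-hex input
    facility, severity = pri >> 3, pri & 0x07
    if not 0 <= facility < len(FACILITIES):
        raise ValueError(f"facility code {facility} out of range")
    return FACILITIES[facility], SEVERITIES[severity]


def parse_line(line):
    """Parse one '$ISODATE $TAG $FULLHOST $MESSAGE' line, or return None."""
    # maxsplit=3 keeps the sender-controlled message text in one piece.
    parts = line.rstrip("\n").split(" ", 3)
    if len(parts) != 4:
        return None
    isodate, tag, host, message = parts
    try:
        when = datetime.strptime(isodate, "%Y-%m-%dT%H:%M:%S%z")
        facility, priority = decode_tag(tag)
    except ValueError:
        return None
    return {"time": when, "facility": facility, "priority": priority,
            "host": host, "message": message}


# Constructed sample lines built from the values shown in the post.
SAMPLE = [
    "2001-01-19T23:27:21+1000 1f avrio qpage[9366]: processing the page queue\n",
    "2001-01-19T23:27:21+1000 zz avrio not a valid tag\n",
]

if __name__ == "__main__":
    for raw in SAMPLE:
        print(parse_line(raw))
```

Lines that do not match the template are returned as `None` rather than guessed at, so a consumer can count or quarantine them separately.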
