[syslog-ng] no $PID macro?
Roberto Nibali
ratz at drugphish.ch
Wed Oct 5 23:54:19 CEST 2005
> It's part of the identification when you use the LOG_PID option in
> openlog(). It's not a required option but nevertheless a proper formated
> syslog message should contain it.
>
> That's what I meant, it's not always there, but when the program name
> field is there, often the PID is embedded there as well. Sorry, thought
> that was clear.
Yes, it's clear.
> What is a good reason to have this? If you specify $MSG you will get the
> programme name and pid logged, provided it was specified in openlog().
>
> Same reason for having the date, or the program name, or any other part
> of the message available as a macro - so you can format it yourself.
The date is fix, the program name also, they contain real informational
value which is why they have macros. A pid has no informational value,
since it's volatile (when the process ends, or when pids cycle) and only
adds to the complexity of mining your data.
> Is that not what you guys were looking for?
>
> No, having a $PID macro is what we're looking for.
Well, here's a head start, it's not much left to implement. I simply
don't have time to do it:
--- syslog-ng-1.9.5+20051003/src/macros.c 2005-10-03
00:11:46.000000000 +0200
+++ syslog-ng-1.9.5+20051003-ratz/src/macros.c 2005-10-05
23:49:26.996398132 +0200
@@ -99,6 +99,7 @@
{ "FULLHOST", M_FULLHOST },
{ "PROGRAM", M_PROGRAM },
+ { "PID", M_PID },
{ "MSG", M_MESSAGE },
{ "MSGONLY", M_MSGONLY },
{ "MESSAGE", M_MESSAGE },
@@ -366,6 +367,16 @@
}
break;
}
+ case M_PID:
+ {
+ gchar *bracket;
+ gint ofs;
+
+ /* here you add your progname[PID] parsing */
+
+ result_append(result, msg->msg->str + ofs, msg->msg->len - ofs,
!!(flags & MF_ESCAPE_RESULT));
+ break;
+ }
case M_MESSAGE:
/* message */
result_append(result, msg->msg->str, msg->msg->len, !!(flags &
MF_ESCAPE_RESULT));
HTH,
Roberto Nibali, ratz
--
echo '[q]sa[ln0=aln256%Pln256/snlbx]sb3135071790101768542287578439snlbxq'|dc
More information about the syslog-ng
mailing list