[syslog-ng] Re: syslog-ng Digest, Vol 23, Issue 20

wayne yu zwyu7319 at yahoo.com
Wed Apr 25 18:52:26 CEST 2007


Please delete me from list server

syslog-ng-request at lists.balabit.hu wrote:


Today's Topics:

   1. Re:  syslog-ng filtering capabilities (Bruno Vieira)
   2.  Log rotate without log rotate. (Bruno Vieira)
   3. Re:  Log rotate without log rotate. (Alexander Clouter)
   4. Re:  Log rotate without log rotate. (Valdis.Kletnieks at vt.edu)
   5. Re:  Log rotate without log rotate. (Bruno Vieira)
   6. Re:  Where is the download link for 2.0 ? (Jose Pedro Oliveira)


----------------------------------------------------------------------

Message: 1
Date: Fri, 16 Mar 2007 14:51:26 +0000
From: "Bruno Vieira" 
Subject: Re: [syslog-ng] syslog-ng filtering capabilities
To: "Syslog-ng users' and developers' mailing list"
 
Content-Type: text/plain; charset="iso-8859-1"

Hi there. Yes, syslog-ng has those features that you want.

Check the syslog-ng.conf expanded file.

Here you can see those kinds of things being used.
Using templates it is possible for syslog-ng to create dirs and files based
on templates.


http://www.campin.net/syslog-ng/expanded-syslog-ng.conf

Regards,
Bruno.

On 3/15/07, Ramesh Uppuluri  wrote:
>
> I am new to syslog-ng product which has been working great so far.
> My question is on filtering unwanted syslog messages during collection.
> Can I accomplish this using syslog-ng? If so, can someone tell me if it's
> possible to filter out messages from a specific host or a wildcard
> (subnet) etc.
>
> Thanks
> Ramesh
> _______________________________________________
> syslog-ng maillist  -  syslog-ng at lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
>
>

------------------------------

Message: 2
Date: Fri, 16 Mar 2007 14:59:00 +0000
From: "Bruno Vieira" 
Subject: [syslog-ng] Log rotate without log rotate.
To: "Syslog-ng users' and developers' mailing list"
 
Content-Type: text/plain; charset="iso-8859-1"

Hi there.

I have a question and at the same time I almost know that there must be a
way of doing this.

The situation is: I want my logs to act as FIFOs. I mean.. I want my log
files to have a max of 100 KB or 100 lines (the one that is most convenient
to find a solution). If I use a pipe, I have the problem that if I read on
one side of the pipe, it continues dumping its content until getting empty
regardless of having more messages coming in through the other end. But what
I want is a pipe that keeps its content and only flushes a message out
every time it receives a message in. Just like a FIFO.. I want this
behaviour in a file... named pipe? I don't know the solution for this but I
can feel that it is out there :)

This way I would have a log rotation without using log rotate, which normally
copies the file content to a new one and then syslog-ng starts writing on
an empty one.

Tell me what you think about this.

Best regards,
Bruno.

------------------------------

Message: 3
Date: Fri, 16 Mar 2007 15:08:14 +0000
From: Alexander Clouter 
Subject: Re: [syslog-ng] Log rotate without log rotate.
To: Syslog-ng users' and developers' mailing list
 
Message-ID: <20070316150813.GJ8038 at inskipp.digriz.org.uk>
Content-Type: text/plain; charset=us-ascii

Hi,

Bruno Vieira  [20070316 14:59:00 +0000]:
>
> Hi there.
> 
> I have a question and at the same time I almost know that there must be a
> way of doing this.
> 
> [snipped]
> 
> This way I would have a log rotation without using log rotate, which normally
> copies the file content to a new one and then syslog-ng starts writing on
> an empty one.
> 
I might have missed something, but what's wrong with something like:

====
destination d_cheese {
 file("/var/log/cheese/$R_YEAR$R_MONTH$R_DAY.log"
  perm(0644));
};
====

Have a look at the following macro expansions for more fun:

http://www.balabit.com/products/syslog_ng/reference-2.0/syslog-ng.html/index.html#macros

> Tell me what you think about this.
> 
sheer craziness :)

Cheers

Alex


------------------------------

Message: 4
Date: Fri, 16 Mar 2007 11:32:17 -0400
From: Valdis.Kletnieks at vt.edu
Subject: Re: [syslog-ng] Log rotate without log rotate.
To: "Syslog-ng users' and developers' mailing list"
 
Message-ID: <200703161532.l2GFWHCH007073 at turing-police.cc.vt.edu>
Content-Type: text/plain; charset="us-ascii"

On Fri, 16 Mar 2007 14:59:00 -0000, Bruno Vieira said:

> I have a question and at the same time I almost know that there must be a
> way of doing this.
> 
> The situation is: I want my logs to act as FIFOs. I mean.. I want my log
> files to have a max of 100 KB or 100 lines (the one that is most convenient
> to find a solution).

Trust me - you *really* want to break it on the basis of discrete times that
tend to have 100K per time period (be it once an hour, or once a day, or every
15 minutes, or something).  When you're trying to shoot a problem, and one
logfile destination runs from 02:17:34 to 03:09:19, the next from 03:09:19 to
05:48:28, and another destination runs from 01:45:07 to 02:36:12, the next from
02:36:12 to 06:29:58 - quick, which files do you need to get all messages from
45 seconds to either side of 03:10:15?

Oh, and one of the machines concerned didn't have the DST patch installed, so
you probably want to find 45 seconds either side of 02:10:15 as well. ;)

------------------------------

Message: 5
Date: Fri, 16 Mar 2007 16:03:29 +0000
From: "Bruno Vieira" 
Subject: Re: [syslog-ng] Log rotate without log rotate.
To: "Syslog-ng users' and developers' mailing list"
 
Content-Type: text/plain; charset="iso-8859-1"

Hi Alex. Thank you for your considerations.

But the problem here is that the device that will be logging has memory
restrictions.
So, I want a log that acts as a FIFO. And every time a new message comes,
the oldest one gets out.

With log rotate I can't guarantee that the size of the log keeps in an
acceptable interval like 100 - 120 KB. Because if I get a ton of info dumped
to the log file within a small amount of time, I'll still overshoot the
maximum file size.

I would like to have only one file per destination (ex: auth.log) and keep
that file within 100 - 120 KB or 100 lines, for example. I want it to be
circular... to be like a FIFO.


What do you think?
I have a solution.. but I think there can be a better one. My solution is:
having a middle program between syslog-ng and the destination file. And for
every message received, the program would verify if the destination file
(e.g. auth.log) already has 100 lines. If so, delete the last line, make all
others one ENTER down and then append the new line to the beginning of the
file.

But this seems to be a very "manual" solution...


Best regards,
Bruno.



> ====
> destination d_cheese {
>         file("/var/log/cheese/$R_YEAR$R_MONTH$R_DAY.log"
>                 perm(0644));
> };
> ====
>
> Have a look at the following macro expansions for more fun:
>
>
> http://www.balabit.com/products/syslog_ng/reference-2.0/syslog-ng.html/index.html#macros
>
> > Tell me what you think about this.
> >
> sheer craziness :)
>
> Cheers
>
> Alex
>
>
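
Added example, not part of the original thread and not syslog-ng code: the "middle program" described in Message 5, assuming it receives one message per line on stdin, for instance from a syslog-ng program() destination. Unlike that description it keeps the newest line last; the names trim and append_bounded and the default limits are choices made here.

```python
import os
import sys
import tempfile


def trim(lines, max_lines, max_bytes):
    """Drop the oldest entries until both the line cap and the byte cap hold."""
    kept = lines[-max_lines:]
    while len(kept) > 1 and sum(len(l) for l in kept) > max_bytes:
        kept.pop(0)
    return kept


def append_bounded(path, message, max_lines=100, max_bytes=100 * 1024):
    """Append one message (bytes), evicting the oldest lines FIFO-style."""
    try:
        with open(path, "rb") as fh:
            lines = fh.readlines()
    except FileNotFoundError:
        lines = []
    lines.append(message.rstrip(b"\r\n") + b"\n")
    kept = trim(lines, max_lines, max_bytes)
    # Write a sibling temp file and rename it over the log, so a reader or a
    # power loss never sees a half-written file. mkstemp creates it mode 0600.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    try:
        with os.fdopen(fd, "wb") as out:
            out.writelines(kept)
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise
    return len(kept)


def main(path):
    # Assumption: the log source delivers one message per line on stdin.
    for raw in sys.stdin.buffer:
        append_bounded(path, raw)


if __name__ == "__main__" and len(sys.argv) == 2:
    main(sys.argv[1])
```

The whole file is rewritten for every message, which is acceptable at 100 lines but makes a burst of messages cost proportionally more I/O.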

------------------------------

Message: 6
Date: Fri, 16 Mar 2007 17:56:30 +0000
From: Jose Pedro Oliveira 
Subject: Re: [syslog-ng] Where is the download link for 2.0 ?
To: Syslog-ng users' and developers' mailing list
 
Message-ID: <45FADA4E.8080202 at di.uminho.pt>
Content-Type: text/plain; charset="iso-8859-1"

Dave Augustus wrote:
> Everyplace on http://www.balabit.com I try just leads me to
> http://www.balabit.com/downloads/syslog-ng/2.0/

Strange! It used to be possible to obtain a directory
listing through the web interface at the following address

  http://www.balabit.com/downloads/syslog-ng/2.0/src/

Anyway, you can still download syslog-ng using the following
direct links:

http://www.balabit.com/downloads/syslog-ng/2.0/src/eventlog-0.2.5.tar.gz
http://www.balabit.com/downloads/syslog-ng/2.0/src/syslog-ng-2.0.2.tar.gz
http://www.balabit.com/downloads/syslog-ng/2.0/src-snapshot/syslog-ng-2.0.2+20070316.tar.gz

jpo
-- 
Jos Pedro Oliveira
* mailto: jpo at di.uminho.pt * http://gsd.di.uminho.pt/jpo *
* gpg fingerprint = F9B6 8D87 859D 1C94 48F0 84C0 9749 9EB5 91BD 851B *

------------------------------



End of syslog-ng Digest, Vol 23, Issue 20
*****************************************


       