[syslog-ng] logging facility in log file
chris packham
chris.packham at alliedtelesis.co.nz
Tue Jul 1 00:42:27 CEST 2008
What you're after is in chapter 3 section 7 of the administrator guide.
http://www.balabit.com/dl/html/syslog-ng-admin-guide_en.html/ch03s07.html
Following the example to add the facility and level to log messages written to
/var/log/messages the configuration would look something like this
destination d_file {
file("/var/log/messages"
template("$FACILITY:$PRIORITY $MSG\n"; template_escape(no))); };
>>> Jing CDL Sun <sjing at cn.ibm.com> 07/01/08 3:31 AM >>>
Thank you, Sandor.
I have read the syslog-ng documentation, and only found a FACILITY and
PRIORITY sample in it, such as:
destination hosts { file("/var/log/syslogs/$HOST/$FACILITY" owner(root)
group(root) perm(0600) dir_perm(0700) create_dirs(yes));};
but my purpose is not to log these message into a file named as FACILITY,
but to include this FACILITY in my log files, for example:
Jun 25 20:53:34 c890f12ec07 local6:warn|warning c890f12ec07 root: sunjing
test 1
"local6:warn" is what I wanted in the log file....could you help?
"Geller, Sandor
\(IT\)"
<Sandor.Geller at mo To
rganstanley.com> "'Syslog-ng users' and developers'
Sent by: mailing list'"
syslog-ng-bounces <syslog-ng at lists.balabit.hu>
@lists.balabit.hu cc
Subject
2008-06-30 18:11 Re: [syslog-ng] logging facility in
log file
Please respond to
"Syslog-ng users'
and developers'
mailing list"
<syslog-ng at lists.
balabit.hu>
Hi,
> I am using syslog-ng to do remote logging for facility of
> "local6" and priority of "warn", the log server is Linux
> system(SLES10 SP1), it works well with the message content,
> only one problem is the keyword of "local6" is not logged in
> the log file, please see the details below:
> on c890mgrs4(Linux)
> Jun 25 20:53:34 c890f12ec07 root: sunjing test 1
> Jun 25 20:53:38 c890f12ec07 root: sunjing test 2
>
> I did the same thing on AIX log server, while it could log
> the keyword of "local6" in log file:
> on c890mgrs3(AIX)
> Jun 25 20:53:34 c890f12ec07 local6:warn|warning c890f12ec07
> root: sunjing test 1
> Jun 25 20:53:38 c890f12ec07 local6:warn|warning c890f12ec07
> root: sunjing test 2
>
> So I am guessing that I did not enable this facility logging
> in syslog-ng, maybe syslog-ng has a certain configuration
> that could let the "facility" logged in message file, am I
> right? or could you point me to the correct method? I need
> this "facility" information to develop my applications.
There are macros which you could use (FACILITY, PRIORITY).
Simply add a template containing these to the destination
section(s). You should check the reference documentation
about templates and macros.
Regards,
Sandor
--------------------------------------------------------
NOTICE: If received in error, please destroy and notify sender. Sender does
not intend to waive confidentiality or privilege. Use of this email is
prohibited when received in error.
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation:
http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.campin.net/syslog-ng/faq.html
More information about the syslog-ng
mailing list