[syslog-ng] Multi-line support issue

Satish Patel satish.txt at gmail.com
Mon Jul 8 18:30:16 CEST 2013 

This is what i have configured and no luck with it.. can you suggest what i
am missing?

destination d02_tc74_log {
file("/logs/server1/tomcat7.4/catalina_$YEAR$MONTH$DAY.log"
template("$(indent-multi-line ${MESSAGE})\n") template(t_tomcatlog)
owner("root") group("root") perm(0644) dir_perm(0755) create_dirs(yes)); };
filter server1 { host("server1.example.com") };
log {
  source (s_tomcat);
  filter (server1);
  filter (tomcat7_4);
  destination (d02_tc74_log);
};



On Mon, Jul 8, 2013 at 12:08 PM, Satish Patel <satish.txt at gmail.com> wrote:

> How do i use indented-multi-line ? I meant where do i configure it? I
> tried but my syslog-ng doesn't recognizing this option i have syslog-ng
> 3.3.7  could you give me example where and how do i check whether it is
> supported or not
>
>
> On Sat, Jul 6, 2013 at 2:12 AM, Balazs Scheidler <bazsi77 at gmail.com>wrote:
>
>> This looks.like the format that should be supported by indented-multi-line
>> On Jul 5, 2013 9:33 PM, "Satish Patel" <satish.txt at gmail.com> wrote:
>>
>>> Here is my tomcat catalina.out log file sample. See there is a tab space
>>> in logs
>>>
>>> 2013-06-27 05:30:00,065 [EDISN-Scheduler_Worker-2] ERROR
>>> com.example.edisn.sftp.SftpSession - Exception attempting to work with an
>>> SFTP Session: connection is closed by foreign host
>>> 2013-06-27 05:30:00,066 [EDISN-Scheduler_Worker-2] ERROR
>>> org.quartz.core.JobRunShell - Job EDISN.CTMS_Upload threw an unhandled
>>> Exception:
>>> com.example.edisn.EdisnRuntimeException: Exception attempting to work
>>> with an SFTP Session: connection is closed by foreign host
>>>         at
>>> com.example.edisn.sftp.SftpSession.doSession(SftpSession.java:64)
>>>         at com.example.edisn.EdisnSession.exec(EdisnSession.java:13)
>>>         at
>>> com.example.ctms.CtmsScheduledJob.executeInternal(CtmsScheduledJob.java:27)
>>>         at
>>> org.springframework.scheduling.quartz.QuartzJobBean.execute(QuartzJobBean.java:86)
>>>         at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
>>>         at
>>> org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:525)
>>> Caused by: com.jcraft.jsch.JSchException: connection is closed by
>>> foreign host
>>>         at com.jcraft.jsch.Session.connect(Unknown Source)
>>>         at com.jcraft.jsch.Session.connect(Unknown Source)
>>>         at
>>> com.example.edisn.sftp.SftpSession.doSession(SftpSession.java:45)
>>>         ... 5 more
>>>
>>>
>>>
>>> On Fri, Jul 5, 2013 at 3:27 PM, Balazs Scheidler <bazsi77 at gmail.com>wrote:
>>>
>>>> No, I implemented a different multiline style support first (that is
>>>> not in pe), where continuation lines are indicated by indentation, like
>>>> mime.
>>>>
>>>> Iirc tomcat has this kind of log file. Can you show a sample log entry?
>>>>
>>>> The infrastructure for multiline-prefix is also there but not added yet.
>>>>
>>>> Let me see the sample, I'll tell if the current solution works or not.
>>>> On Jul 5, 2013 8:24 PM, "Satish Patel" <satish.txt at gmail.com> wrote:
>>>>
>>>>> Thanks for reply Balazs,
>>>>>
>>>>> You mean say this feature is available in Open Source Edition (OSE)
>>>>> 3.4? Once after specifying flag "indented-multi-line" i can use
>>>>> multi-line-prefix?
>>>>>
>>>>>
>>>>> On Fri, Jul 5, 2013 at 1:26 PM, Balazs Scheidler <bazsi77 at gmail.com>wrote:
>>>>>
>>>>>> You have found the PE documentation but I have already ported this to
>>>>>> the OSE tree and has been released as part of 3.4.
>>>>>>
>>>>>> You have to specify indented-multi-line as a flag to the file source.
>>>>>> On Jul 5, 2013 6:28 PM, "Satish Patel" <satish.txt at gmail.com> wrote:
>>>>>>
>>>>>>>  We have tomcat shop and at everyone know tomcat has a java call
>>>>>>> trace in logs with tab space but syslog-ng doesn't know about it and
>>>>>>> printing lines as a new line. I have read here syslog-ng 3.x does support
>>>>>>> multi-line logs
>>>>>>> http://www.balabit.com/sites/default/files/documents/syslog-ng-pe-4.0-guides/en/syslog-ng-pe-v4.0-guide-admin-en/html/reference_source_syslog.html
>>>>>>>
>>>>>>> But does this feature available in Open Source syslog-ng? If yes
>>>>>>> then why its not working for me?
>>>>>>>
>>>>>>>
>>>>>>> ______________________________________________________________________________
>>>>>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>>>>>> Documentation:
>>>>>>> http://www.balabit.com/support/documentation/?product=syslog-ng
>>>>>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>> ______________________________________________________________________________
>>>>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>>>>> Documentation:
>>>>>> http://www.balabit.com/support/documentation/?product=syslog-ng
>>>>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> ______________________________________________________________________________
>>>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>>>> Documentation:
>>>>> http://www.balabit.com/support/documentation/?product=syslog-ng
>>>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>>>
>>>>>
>>>>>
>>>>
>>>> ______________________________________________________________________________
>>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>>> Documentation:
>>>> http://www.balabit.com/support/documentation/?product=syslog-ng
>>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>>
>>>>
>>>>
>>>
>>>
>>> ______________________________________________________________________________
>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>> Documentation:
>>> http://www.balabit.com/support/documentation/?product=syslog-ng
>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>
>>>
>>>
>>
>> ______________________________________________________________________________
>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>> Documentation:
>> http://www.balabit.com/support/documentation/?product=syslog-ng
>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20130708/8daeaa25/attachment-0001.htm

More information about the syslog-ng mailing list