[syslog-ng] mark-mode
Fabien Wernli
wernli at in2p3.fr
Thu Jun 29 14:01:57 UTC 2017
Hi,
What would be the best way to identify a message originating from mark-mode?
I don't see any obvious way to do so, apart from matching the message text against '-- MARK --', which is fragile because any sender can log that same string.
Here's an example of how it looks:
{
"YEAR_DAY": "180",
"YEAR": "2017",
"WEEK_DAY_NAME": "Thursday",
"WEEK_DAY_ABBREV": "Thu",
"WEEK_DAY": "5",
"WEEKDAY": "Thu",
"WEEK": "26",
"USEC": "233311",
"UNIXTIME": "1498744609",
"TZOFFSET": "+02:00",
"TZ": "+02:00",
"TAGS": ".source.#anon-source0",
"TAG": "0d",
"S_YEAR_DAY": "180",
"S_YEAR": "2017",
"S_WEEK_DAY_NAME": "Thursday",
"S_WEEK_DAY_ABBREV": "Thu",
"S_WEEK_DAY": "5",
"S_WEEKDAY": "Thu",
"S_WEEK": "26",
"S_USEC": "233311",
"S_UNIXTIME": "1498744609",
"S_TZOFFSET": "+02:00",
"S_TZ": "+02:00",
"S_STAMP": "Jun 29 15:56:49",
"S_SEC": "49",
"S_MSEC": "233",
"S_MONTH_WEEK": "4",
"S_MONTH_NAME": "June",
"S_MONTH_ABBREV": "Jun",
"S_MONTH": "06",
"S_MIN": "56",
"S_ISODATE": "2017-06-29T15:56:49+02:00",
"S_HOUR12": "03",
"S_HOUR": "15",
"S_FULLDATE": "2017 Jun 29 15:56:49",
"S_DAY": "29",
"S_DATE": "Jun 29 15:56:49",
"S_AMPM": "PM",
"SYSUPTIME": "207",
"STAMP": "Jun 29 15:56:49",
"SOURCEIP": "127.0.0.1",
"SOURCE": "#anon-source0",
"SEC": "49",
"R_YEAR_DAY": "180",
"R_YEAR": "2017",
"R_WEEK_DAY_NAME": "Thursday",
"R_WEEK_DAY_ABBREV": "Thu",
"R_WEEK_DAY": "5",
"R_WEEKDAY": "Thu",
"R_WEEK": "26",
"R_USEC": "233311",
"R_UNIXTIME": "1498744609",
"R_TZOFFSET": "+02:00",
"R_TZ": "+02:00",
"R_STAMP": "Jun 29 15:56:49",
"R_SEC": "49",
"R_MSEC": "233",
"R_MONTH_WEEK": "4",
"R_MONTH_NAME": "June",
"R_MONTH_ABBREV": "Jun",
"R_MONTH": "06",
"R_MIN": "56",
"R_ISODATE": "2017-06-29T15:56:49+02:00",
"R_HOUR12": "03",
"R_HOUR": "15",
"R_FULLDATE": "2017 Jun 29 15:56:49",
"R_DAY": "29",
"R_DATE": "Jun 29 15:56:49",
"R_AMPM": "PM",
"RUNID": "1",
"PRIORITY": "notice",
"PRI": "13",
"MSG": "dl",
"MSEC": "233",
"MONTH_WEEK": "4",
"MONTH_NAME": "June",
"MONTH_ABBREV": "Jun",
"MONTH": "06",
"MIN": "56",
"MESSAGE": "dl",
"LOGHOST": "localhost.localdomain",
"LEVEL_NUM": "5",
"LEVEL": "notice",
"ISODATE": "2017-06-29T15:56:49+02:00",
"HOUR12": "03",
"HOUR": "15",
"HOST_FROM": "localhost",
"HOSTID": "abb0b0e5",
"HOST": "localhost",
"FULLDATE": "2017 Jun 29 15:56:49",
"FILE_NAME": "/dev/stdin",
"FACILITY_NUM": "1",
"FACILITY": "user",
"DAY": "29",
"DATE": "Jun 29 15:56:49",
"C_YEAR_DAY": "180",
"C_YEAR": "2017",
"C_WEEK_DAY_NAME": "Thursday",
"C_WEEK_DAY_ABBREV": "Thu",
"C_WEEK_DAY": "5",
"C_WEEKDAY": "Thu",
"C_WEEK": "26",
"C_UNIXTIME": "1498744609",
"C_TZOFFSET": "-00:00",
"C_TZ": "-00:00",
"C_STAMP": "Jun 29 13:56:48",
"C_SEC": "48",
"C_MONTH_WEEK": "4",
"C_MONTH_NAME": "June",
"C_MONTH_ABBREV": "Jun",
"C_MONTH": "06",
"C_MIN": "56",
"C_ISODATE": "2017-06-29T13:56:48-00:00",
"C_HOUR": "13",
"C_FULLDATE": "2017 Jun 29 13:56:48",
"C_DAY": "29",
"C_DATE": "Jun 29 13:56:48",
"BSDTAG": "5B",
"AMPM": "PM"
}