[syslog-ng] [EXTERNAL] Re: Using custom parser with only a subset of udp traffic

Fabien Wernli wernli at in2p3.fr
Thu May 27 06:35:37 UTC 2021


Hi Mark,

On Fri, May 21, 2021 at 02:22:09PM +0000, Faine, Mark R. (MSFC-IS40)[NICS] wrote:
> Thanks, a couple of questions.  Do you have any blog posts that demonstrate best practices when using junctions and channels?  I think I mostly understand it but sometimes things happen that I don't anticipate and I'm trying to figure out what I'm not understanding.

I think most people (including the developers) think that junctions and
channels are hard-to-grasp concepts, and therefore now use if-then-else
constructs instead.

> Is it possible to give a name to every filter, rewrite, parser, etc.?  As I'm looking through traces they are hard to identify when they are anon-filter and such, I have to go look at the line number or figure it out from the context of the log message.  I tried this but the --syntax-only check was not having it, perhaps I was doing it wrong.  I would also like to be able to write to a file only the log categorization output without the actual log messages, is that possible?  It would help me in figuring out why things are not going where they should.

You can use named filters instead of anonymous ones everywhere, even in
junctions and channels.

As for your last question, I think your only option is to run syslog-ng in
the foreground in debug mode, where it will tell you exactly what it's
doing. Now that I think of it, IIRC there's also a way to get more detailed
stats
(https://www.syslog-ng.com/technical-documents/doc/syslog-ng-open-source-edition/3.26/administration-guide/option-stats-level-description)

Hoping that helps
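
The two routing styles discussed in this reply, written with named objects so that debug traces show the object names instead of anonymous ones. This is an added example, not part of the original message; every object name, the netmask, the port and the file paths are hypothetical, and kv-parser() stands in for whatever custom parser is actually used.

```conf
@version: 3.26

# Hypothetical source: all UDP syslog traffic on one port
source s_udp { network(transport("udp") port(5514)); };

# Named filter selecting the subset of senders that needs the custom parser
# (192.0.2.0/24 is a documentation range used as a placeholder)
filter f_custom_src { netmask("192.0.2.0/24"); };

# Named filters can reference other named filters
filter f_not_custom { not filter(f_custom_src); };

# Named parser applied only to the selected subset
parser p_custom { kv-parser(prefix(".custom.")); };

destination d_custom  { file("/var/log/custom-subset.log"); };
destination d_default { file("/var/log/udp-default.log"); };

# Style 1: junction with channels, each channel using named objects
log {
    source(s_udp);
    junction {
        channel {
            filter(f_custom_src);
            parser(p_custom);
            destination(d_custom);
            flags(final);
        };
        channel {
            filter(f_not_custom);
            destination(d_default);
            flags(final);
        };
    };
};

# Style 2: the same routing as if/else. Use this instead of the log path
# above, not alongside it, or every message is delivered twice.
log {
    source(s_udp);
    if (filter(f_custom_src)) {
        parser(p_custom);
        destination(d_custom);
    } else {
        destination(d_default);
    };
};
```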


