Dear Carlos,

With your already wonderful script I can log the file as received. However,
as I am aware of the RFC which defines syslog rules and conventions, found at
http://www.faqs.org/rfcs/rfc3164.html
I need to substitute the value in <?> for the following before the log is
created.

This is where we get the definitions, where the number enclosed by < > is
equal to:

0 Emergency: system is unusable
1 Alert: action must be taken immediately
2 Critical: critical conditions
3 Error: error conditions
4 Warning: warning conditions
5 Notice: normal but significant condition
6 Informational: informational messages
7 Debug: debug-level message

Within standard syslog information as I quoted

[2007-04-21 17:31:55] *<6>*EFW: ALG: prio=1 algmod=http algsesid=70500 action=close reason=backlisted_url..........

In the above this represents an Informational event. If it were to be a 4
this would substitute the word 'warning'.

As ALL syslog messages conform to at least these 2 mandatory fields, can I
incorporate your code and see any value enclosed in *< >* and have it
substitute for the correct Event Title?

Normal expectations of messages are about 38,000 mph - again dependent on
staff numbers.

I am in the process of building a dedicated Linux PC to perform just this
function. Under normal usage you would expect up to 38,000 messages per hour
during heavy traffic. Hence I have a management model to do all the
statistical work and trends. (Linux)

After I succeed I will be happy to provide the result. There is an enormous
requirement for a Linux Syslog. If you wish you may wish to publish on web.

Kind Regards
Scott :-)

Carlos E. R. wrote:
>
> The Sunday 2007-04-22 at 07:47 +1000, Registration Account wrote:
>
> > Those few lines of code are just what I need. Yes of course I can use
> > KsystemLog - it's all set up to chase the file as it grows by the
> > millisecond and has a wide application use. An Xterm will not offer as
> > much I feel.
>
> Oh, yes, xterm is much faster than any other gui app. Try, leave an xterm
> with "tailf logfile".
>
> > With respect to the substitution of the Priority codes below in place of
> > the value contained the string below as <?> is that also as easy to
> > achieve.
>
> I'm not sure what you want there... syslog has standard priority values,
> but the priority is not printed, it's just used to filter them out to
> different destination files if wanted.
>
> For instance:
>
> filter f_mailinfo { level(info) and facility(mail); };
> filter f_mailwarn { level(warn) and facility(mail); };
> filter f_mailerr { level(err, crit) and facility(mail); };
> filter f_mail { facility(mail); };
> filter f_myemail { level(notice) and facility(mail) and not
> (program("amavis") and match("Passed CLEAN,")); }; # info or notice
>
> ...
>
> destination maildebug { file("/var/log/mail.debug" ); };
> log { source(src); filter(f_mail); destination(maildebug); };
>
> log { source(src); filter(f_myemail); destination(mail); };
> log { source(src); filter(f_mail); destination(mail); };
>
> The "/var/log/mail.debug" file will contain all the mail messages of any
> level, but the "/var/log/mail" will only contain those of level "notice"
> and higher importance, except those coming from the program "amavis" with
> certain string.
>
> But I don't know how to insert an arbitrary string indicating the level;
> for that I think you will need to hack the syslog-ng code.
>
> > Please let me know where to send chocolate!
>
> Ugh, I have half a kilo downstairs I shouldn't even look at... leave it as
> virtual ;-)
>
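The substitution asked about in this thread, as an added Python example (not code from the thread and not Carlos's script). It goes beyond the 0-7 values listed above: RFC 3164 defines the number in < > as facility * 8 + severity, so the severity is taken as PRI mod 8. The line layout, the function name `label_severity` and the sample lines are assumptions.

```python
import re

# Severity names from RFC 3164, as listed in the message above.
SEVERITIES = ("Emergency", "Alert", "Critical", "Error",
              "Warning", "Notice", "Informational", "Debug")

# Assumed line layout, taken from the sample quoted in the thread:
#   [YYYY-MM-DD HH:MM:SS] <PRI>rest-of-message
# The pattern is anchored so that only the PRI directly after the timestamp
# matches; a "<4>" later in the message text (which the sender controls)
# is never rewritten.
LINE_RE = re.compile(r"^(\[[^\]]*\] )<(\d{1,3})>")


def label_severity(line: str) -> str:
    """Replace the leading <PRI> with <SeverityName>; return other lines unchanged."""
    m = LINE_RE.match(line)
    if m is None:
        return line
    pri = int(m.group(2))
    if pri > 191:  # RFC 3164: 24 facilities * 8 severities gives 0..191
        return line
    # PRI = facility * 8 + severity, so PRI mod 8 is the severity.
    name = SEVERITIES[pri % 8]
    return f"{m.group(1)}<{name}>{line[m.end():]}"


# Constructed sample lines, modelled on the one quoted in the thread.
SAMPLE = [
    "[2007-04-21 17:31:55] <6>EFW: ALG: prio=1 algmod=http action=close",
    "[2007-04-21 17:31:56] <4>EFW: ALG: prio=1 algmod=http url=/a?x=<0>",
    "[2007-04-21 17:31:57] <164>EFW: CONN: prio=1 action=open",  # local4.warning
    "[2007-04-21 17:31:58] <999>EFW: malformed priority",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(label_severity(entry))
```

Lines with a missing or out-of-range priority are passed through untouched, so nothing is lost from the log when a sender emits a malformed header.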
