You don't have to define the application name, just know that it's
present in the syslogs that it writes. It would be helpful to have
examples to see.. but for rough ideas, you could do things like this:
template (name="logs" type="string"
string="/data/logs/java/%HOSTNAME%-%$YEAR%%$MONTH%%$DAY%")
:programname, isequal, "java" action(type="omfile"
DirCreateMode="0755" FileCreateMode="0644" dynafile="javalogs")
:programname, isequal, "java" stop
Or, if the program name field isn't java you could used ':msg,
contains, "<something>" ' that is common to all those types of
messages.
Examples of the logs you are looking at would help. And since you are
specifying a log server, can you change the port in that
specification? You could use a non standard port and do something
simple like this
template (name="logs" type="string"
string="/data/logs/java/%HOSTNAME%-%$YEAR%%$MONTH%%$DAY%")
ruleset(name="java"){
action(type="omfile" dynafile="javalogs")
stop
}
input(type="imptcp" port="10514" ruleset="java")
On Wed, Oct 9, 2013 at 7:09 AM, Hanish Bansal
<[email protected]> wrote:
> Hi
>
> I am not defining application name in logging configuration. In my java
> application i define below configuration in log4j.xml file:
>
> <appender name="syslog" class="org.apache.log4j.net.SyslogAppender">
> <param name="facility" value="local3" />
> <param name="facilityPrinting" value="true" />
> <param name="syslogHost" value="100.125.12.154" />
> <param name="threshold" value="info" />
> <layout class="org.apache.log4j.PatternLayout">
> <param name="ConversionPattern" value="[%p] %c{1}:%L - %m%n" />
> </layout>
> </appender>
>
> Where 100.125.12.154 is syslog server.
>
> In /etc/rsyslog.conf on machine 100.125.12.154 i define below configuration
> to maintain logs:
>
> $template LOCAL3,"/var/log/component3.log"
> local3.* ?LOCAL3
>
> Could you please elaborate how to define rules for maintaining different
> log files using same facility level for different components?
>
>
> On Wed, Oct 9, 2013 at 12:21 PM, Jeremy Hoel <[email protected]> wrote:
>
>> Of the different components can use different ports you can base rules
>> around the port of the listener and run a few listeners. Or if the
>> components have different t application names you can run a if-then rule
>> and send different applications to different log files.
>> On Oct 9, 2013 12:26 AM, "Hanish Bansal" <[email protected]>
>> wrote:
>>
>> > Hi All,
>> >
>> > I have more than 10 components and i want to maintain logs of those
>> > component as different log files. If i have 10 components then i want 10
>> > log files one for each component.
>> >
>> > I am using facilities level from local1 to local6. Using this i am able
>> to
>> > maintain logs of 6 components. As we define one facility level for one
>> > component. Using this scenario i am limited not to have more log files.
>> >
>> > What should i do for maintaining logs for different components?
>> >
>> >
>> > Thanks in Advance !!!
>> >
>> > --
>> > *Regards*
>> > *Hanish Bansal*
>> > _______________________________________________
>> > rsyslog mailing list
>> > http://lists.adiscon.net/mailman/listinfo/rsyslog
>> > http://www.rsyslog.com/professional-services/
>> > What's up with rsyslog? Follow https://twitter.com/rgerhards
>> > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
>> > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
>> > DON'T LIKE THAT.
>> >
>> _______________________________________________
>> rsyslog mailing list
>> http://lists.adiscon.net/mailman/listinfo/rsyslog
>> http://www.rsyslog.com/professional-services/
>> What's up with rsyslog? Follow https://twitter.com/rgerhards
>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
>> DON'T LIKE THAT.
>>
>
>
>
> --
> *Thanks & Regards*
> *Hanish Bansal*
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
> sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T
> LIKE THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
