I can not use *':msg, contains, "<something>"' *because my log messages are completely random.
As you suggested i tried *programname *and also* app-name *but hard luck !! I didn't get much success. Because *programname *and *app-name* both are giving value as facility name, in mycase value of programname and app-name is *local3* because my facility level is local3. On Wed, Oct 9, 2013 at 8:31 PM, Jeremy Hoel <[email protected]> wrote: > You don't have to define the application name, just know that it's > present in the syslogs that it writes. It would be helpful to have > examples to see.. but for rough ideas, you could do things like this: > > template (name="logs" type="string" > string="/data/logs/java/%HOSTNAME%-%$YEAR%%$MONTH%%$DAY%") > :programname, isequal, "java" action(type="omfile" > DirCreateMode="0755" FileCreateMode="0644" dynafile="javalogs") > :programname, isequal, "java" stop > > Or, if the program name field isn't java you could used ':msg, > contains, "<something>" ' that is common to all those types of > messages. > > > Examples of the logs you are looking at would help. And since you are > specifying a log server, can you change the port in that > specification? You could use a non standard port and do something > simple like this > > > template (name="logs" type="string" > string="/data/logs/java/%HOSTNAME%-%$YEAR%%$MONTH%%$DAY%") > ruleset(name="java"){ > action(type="omfile" dynafile="javalogs") > stop > } > input(type="imptcp" port="10514" ruleset="java") > > On Wed, Oct 9, 2013 at 7:09 AM, Hanish Bansal > <[email protected]> wrote: > > Hi > > > > I am not defining application name in logging configuration. In my java > > application i define below configuration in log4j.xml file: > > > > <appender name="syslog" class="org.apache.log4j.net.SyslogAppender"> > > <param name="facility" value="local3" /> > > <param name="facilityPrinting" value="true" /> > > <param name="syslogHost" value="100.125.12.154" /> > > <param name="threshold" value="info" /> > > <layout class="org.apache.log4j.PatternLayout"> > > <param name="ConversionPattern" value="[%p] %c{1}:%L - %m%n" > /> > > </layout> > > </appender> > > > > Where 100.125.12.154 is syslog server. > > > > In /etc/rsyslog.conf on machine 100.125.12.154 i define below > configuration > > to maintain logs: > > > > $template LOCAL3,"/var/log/component3.log" > > local3.* ?LOCAL3 > > > > Could you please elaborate how to define rules for maintaining different > > log files using same facility level for different components? > > > > > > On Wed, Oct 9, 2013 at 12:21 PM, Jeremy Hoel <[email protected]> wrote: > > > >> Of the different components can use different ports you can base rules > >> around the port of the listener and run a few listeners. Or if the > >> components have different t application names you can run a if-then rule > >> and send different applications to different log files. > >> On Oct 9, 2013 12:26 AM, "Hanish Bansal" < > [email protected]> > >> wrote: > >> > >> > Hi All, > >> > > >> > I have more than 10 components and i want to maintain logs of those > >> > component as different log files. If i have 10 components then i want > 10 > >> > log files one for each component. > >> > > >> > I am using facilities level from local1 to local6. Using this i am > able > >> to > >> > maintain logs of 6 components. As we define one facility level for one > >> > component. Using this scenario i am limited not to have more log > files. > >> > > >> > What should i do for maintaining logs for different components? > >> > > >> > > >> > Thanks in Advance !!! > >> > > >> > -- > >> > *Regards* > >> > *Hanish Bansal* > >> > _______________________________________________ > >> > rsyslog mailing list > >> > http://lists.adiscon.net/mailman/listinfo/rsyslog > >> > http://www.rsyslog.com/professional-services/ > >> > What's up with rsyslog? Follow https://twitter.com/rgerhards > >> > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a > myriad > >> > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > >> > DON'T LIKE THAT. > >> > > >> _______________________________________________ > >> rsyslog mailing list > >> http://lists.adiscon.net/mailman/listinfo/rsyslog > >> http://www.rsyslog.com/professional-services/ > >> What's up with rsyslog? Follow https://twitter.com/rgerhards > >> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad > >> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > >> DON'T LIKE THAT. > >> > > > > > > > > -- > > *Thanks & Regards* > > *Hanish Bansal* > > _______________________________________________ > > rsyslog mailing list > > http://lists.adiscon.net/mailman/listinfo/rsyslog > > http://www.rsyslog.com/professional-services/ > > What's up with rsyslog? Follow https://twitter.com/rgerhards > > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > DON'T LIKE THAT. > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com/professional-services/ > What's up with rsyslog? Follow https://twitter.com/rgerhards > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > DON'T LIKE THAT. > -- *Thanks & Regards* *Hanish Bansal* _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
