if programname is local3, you have configued something wrong. the programname
should not be the same as the facility.
you are configuring the logging in your application. If you can make the
facility unique, you should be able to make something else in the log message
unique per application.
David Lang
On Thu, 10 Oct 2013, Hanish Bansal wrote:
I can not use *':msg, contains, "<something>"' *because my log messages are
completely random.
As you suggested i tried *programname *and also* app-name *but hard luck !!
I didn't get much success. Because *programname *and *app-name* both are
giving value as facility name, in mycase value of programname and app-name
is *local3* because my facility level is local3.
On Wed, Oct 9, 2013 at 8:31 PM, Jeremy Hoel <[email protected]> wrote:
You don't have to define the application name, just know that it's
present in the syslogs that it writes. It would be helpful to have
examples to see.. but for rough ideas, you could do things like this:
template (name="logs" type="string"
string="/data/logs/java/%HOSTNAME%-%$YEAR%%$MONTH%%$DAY%")
:programname, isequal, "java" action(type="omfile"
DirCreateMode="0755" FileCreateMode="0644" dynafile="javalogs")
:programname, isequal, "java" stop
Or, if the program name field isn't java you could used ':msg,
contains, "<something>" ' that is common to all those types of
messages.
Examples of the logs you are looking at would help. And since you are
specifying a log server, can you change the port in that
specification? You could use a non standard port and do something
simple like this
template (name="logs" type="string"
string="/data/logs/java/%HOSTNAME%-%$YEAR%%$MONTH%%$DAY%")
ruleset(name="java"){
action(type="omfile" dynafile="javalogs")
stop
}
input(type="imptcp" port="10514" ruleset="java")
On Wed, Oct 9, 2013 at 7:09 AM, Hanish Bansal
<[email protected]> wrote:
Hi
I am not defining application name in logging configuration. In my java
application i define below configuration in log4j.xml file:
<appender name="syslog" class="org.apache.log4j.net.SyslogAppender">
<param name="facility" value="local3" />
<param name="facilityPrinting" value="true" />
<param name="syslogHost" value="100.125.12.154" />
<param name="threshold" value="info" />
<layout class="org.apache.log4j.PatternLayout">
<param name="ConversionPattern" value="[%p] %c{1}:%L - %m%n"
/>
</layout>
</appender>
Where 100.125.12.154 is syslog server.
In /etc/rsyslog.conf on machine 100.125.12.154 i define below
configuration
to maintain logs:
$template LOCAL3,"/var/log/component3.log"
local3.* ?LOCAL3
Could you please elaborate how to define rules for maintaining different
log files using same facility level for different components?
On Wed, Oct 9, 2013 at 12:21 PM, Jeremy Hoel <[email protected]> wrote:
Of the different components can use different ports you can base rules
around the port of the listener and run a few listeners. Or if the
components have different t application names you can run a if-then rule
and send different applications to different log files.
On Oct 9, 2013 12:26 AM, "Hanish Bansal" <
[email protected]>
wrote:
Hi All,
I have more than 10 components and i want to maintain logs of those
component as different log files. If i have 10 components then i want
10
log files one for each component.
I am using facilities level from local1 to local6. Using this i am
able
to
maintain logs of 6 components. As we define one facility level for one
component. Using this scenario i am limited not to have more log
files.
What should i do for maintaining logs for different components?
Thanks in Advance !!!
--
*Regards*
*Hanish Bansal*
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
myriad
of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
DON'T LIKE THAT.
--
*Thanks & Regards*
*Hanish Bansal*
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
