On Fri, 11 Oct 2013, Hanish Bansal wrote:

David, could you please tell me what I have to change in the conversion
pattern to get the standard syslog format you shared?

look at http://en.wikipedia.org/wiki/Syslog for info on facility and severity

I'm not a Java programmer, but I suspect that what you want is something like

value="appname: %c{1}:%L - %m%n"

and then you can filter on the programname field in rsyslog (or use a dynamic filename with programname the way another poster suggested)

Also, I want to know: using the format *<pri>DateTime hostname
programname[pid]: logmessage*, how will the log message below look?

Oct 10 10:01:08 localhost local3: [DEBUG] SNMPAgent:260 - Enter registerManagedObject

<159>Oct 10 10:01:08 localhostSNMPAgent[260]: - Enter registerManagedObject

Also, one more thing: the reason why we choose this pattern is that we want to
print the severity level in log messages as well, because using this the user
can easily identify whether the log messages are just for info or whether
there is any error in the app.

you can put any information in the message that you want, but if you put things in places that the standard says are supposed to hold other things, don't be surprised if there are problems parsing the messages.

David Lang
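
Added example, not part of the original thread and not rsyslog's own code: a simplified Python parser for the `<pri>DateTime hostname programname[pid]: logmessage` layout discussed above, showing how `<159>` decodes to local3/debug and which string lands in the programname field for the two conversion patterns. The sample lines are constructed from the ones quoted in the thread, and the regular expression is an assumed simplification of the format.

```python
import re

# Facility and severity names in numeric order (RFC 3164 numbering).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr",
              "news", "uucp", "cron", "authpriv", "ftp", "ntp", "audit",
              "alert", "clock"] + [f"local{i}" for i in range(8)]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice",
              "info", "debug"]

# Assumed, simplified grammar: <pri>Mmm dd hh:mm:ss host tag[pid]: msg
LINE = re.compile(
    r"<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) "
    r"(?P<tag>[A-Za-z0-9]{1,32})(?:\[(?P<pid>\d+)\])?: ?"
    r"(?P<msg>.*)", re.S)


def make_pri(facility, severity):
    """pri = facility number * 8 + severity number."""
    return FACILITIES.index(facility) * 8 + SEVERITIES.index(severity)


def parse(line):
    """Return the header fields as a dict, or None if the line does not fit."""
    m = LINE.match(line.rstrip("\r\n"))
    if m is None or int(m["pri"]) > 191:
        return None
    fac, sev = divmod(int(m["pri"]), 8)
    return {"facility": FACILITIES[fac], "severity": SEVERITIES[sev],
            "timestamp": m["ts"], "hostname": m["host"],
            "programname": m["tag"], "pid": m["pid"], "message": m["msg"]}


# Constructed samples based on the lines quoted in the thread.
OLD = ("<159>Oct 10 10:01:08 localhost local3: "
       "[DEBUG] SNMPAgent:260 - Enter registerManagedObject")
NEW = ("<159>Oct 10 10:01:08 localhost appname: "
       "SNMPAgent:260 - Enter registerManagedObject")

if __name__ == "__main__":
    for line in (OLD, NEW):
        rec = parse(line)
        print(rec["programname"], rec["facility"], rec["severity"],
              "|", rec["message"])
```

With the original pattern the facility name is what a receiver sees as programname; with the `appname:` prefix the severity still arrives through `<pri>` even though `[%p]` is gone from the text.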



On Fri, Oct 11, 2013 at 10:31 PM, David Lang <[email protected]> wrote:

On Fri, 11 Oct 2013, Hanish Bansal wrote:

 Hi David,

I was assuming below format for syslog:
DateTime hostname facilitylevel severitylevel logmessage


that's not the format for syslog

the format for syslog is
<pri>DateTime hostname programname[pid]: logmessage

where pri is calculated from the facility and severity



With my conversion pattern (value="[%p] %c{1}:%L - %m%n") my log messages
are like this:

Oct 10 10:01:08 localhost local3: [DEBUG] SNMPAgent:260 - Enter registerManagedObject
Oct 10 10:01:08 localhost local3: [DEBUG] SNMPAgent:266 - Exit registerManagedObject

Are you saying that the conversion pattern which I am using is not in
standard syslog format?


yep


And yes, I am getting the programname the same as the facility level. The
configuration of log4j.xml I have already shared before. I don't know what is
missing in my configuration.


you are putting the facility name where the programname is supposed to be.
you can change that string to be anything you want and then filter on it


Alan, yes the below pattern is working in my case:
<param name="ConversionPattern" value="uniquetext [%p] %c{1}:%L -> %m%n" />

By applying filter now i can maintain different log files.

But in this case the problem is only that now log messages will also
contain uniquetext. This may violate standard syslog format.


the programname can be any alphanumeric string up to something like 32
characters

David Lang



On Thu, Oct 10, 2013 at 9:53 PM, David Lang <[email protected]> wrote:

 let's look at the conversion pattern you are using here. could you please
post a sample log message as well?


value="[%p] %c{1}:%L - %m%n"

from the docs

%p is the priority, this does not need to be in text in a syslog message
%c{1} a single component of the category name
%L line number
%m the message
%n newline

so if you just changed the conversion pattern to:

value="uniquetext [%p] %c{1}:%L - %m%n"

then you could filter on 'uniquetext'

now, one thing that jumps out at me is that this does not look like a
regular syslog formatted log, so I expect that if we change it a bit we can
seriously improve things, but I would need to see a log entry created with
this format to be sure.

ideally I'd like to see what rsyslog on the machine that your app is
sending directly to logs with the format RSYSLOG_DebugFormat

David Lang

_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
DON'T LIKE THAT.




