Thanks David i'll look into it.
On Sat, Oct 12, 2013 at 9:55 AM, David Lang <[email protected]> wrote: > On Fri, 11 Oct 2013, Hanish Bansal wrote: > > David, could you please tell me what should i have to change in >> conversion >> pattern to have standard syslog format as you shared? >> > > look at > http://en.wikipedia.org/wiki/**Syslog<http://en.wikipedia.org/wiki/Syslog>for > info on facility and severity > > I'm not a Java programmer, but I suspect that what you want something like > > value="appname: %c{1}:%L - %m%n" > > and then you can filter on the programname field in rsyslog (or use a > dynamic filename with programname the way another poster suggested) > > Also i want to know that using format *<pri>DateTime hostname >> programname[pid]: logmessage *how below log message will look like? >> >> >> Oct 10 10:01:08 localhost local3: [DEBUG] SNMPAgent:260 - Enter >> registerManagedObject >> > > <159>Oct 10 10:01:08 localhostSNMPAgent[260]: - Enter registerManagedObject > > > Also one more thing the reason why we choose this pattern is, we want to >> print severity level in log messages also. Because using this user can >> easily identify the log messages are just for info or if there is any >> error >> in app. >> > > you can put any information in the message that you want, but if you put > things in places that the standard says are supposed to hold other things, > don't be surprised if there are problems parsing the messages. > > David Lang > > >> >> On Fri, Oct 11, 2013 at 10:31 PM, David Lang <[email protected]> wrote: >> >> On Fri, 11 Oct 2013, Hanish Bansal wrote: >>> >>> Hi David, >>> >>>> >>>> I was assuming below format for syslog: >>>> DateTime hostname facilitylevel severitylevel logmessage >>>> >>>> >>> that's not the format for syslog >>> >>> the format for syslog is >>> <pri>DateTime hostname programname[pid]: logmessage >>> >>> where pri is calculated from the facility and severity >>> >>> >>> >>> With my conversion pattern(value="[%p] %c{1}:%L - %m%n") my log >>> messages >>> >>>> are like this: >>>> >>>> Oct 10 10:01:08 localhost local3: [DEBUG] SNMPAgent:260 - Enter >>>> registerManagedObject >>>> Oct 10 10:01:08 localhost local3: [DEBUG] SNMPAgent:266 - Exit >>>> registerManagedObject >>>> >>>> Are you saying that the conversion pattern which i am using is not in >>>> standard syslog format? >>>> >>>> >>> yep >>> >>> >>> And yes i am getting programname same as facility level. Configuration >>> of >>> >>>> log4j.xml i have already shared before. Don't know what is missing in my >>>> configuration? >>>> >>>> >>> you ar putting the facility name where the programname is supposed to be. >>> you can change that string to be anything you want and then filter on it >>> >>> >>> Alan, yes the below pattern is working in my case: >>> >>>> <param name="ConversionPattern" value="uniquetext [%p] %c{1}:%L -> %m%n" >>>> /> >>>> >>>> By applying filter now i can maintain different log files. >>>> >>>> But in this case the problem is only that now log messages will also >>>> contain uniquetext. This may violate standard syslog format. >>>> >>>> >>> the programname can be any alphanumeric string up to something like 32 >>> characters >>> >>> David Lang >>> >>> >>> >>>> On Thu, Oct 10, 2013 at 9:53 PM, David Lang <[email protected]> wrote: >>>> >>>> let's look at the conversion pattern you are using here. could you >>>> please >>>> >>>>> post a sample log message as well? >>>>> >>>>> >>>>> value="[%p] %c{1}:%L - %m%n" >>>>> >>>>> from the docs >>>>> >>>>> %p is the priority, this does not need to be in text in a syslog >>>>> message >>>>> %c{1} a single component of the category name >>>>> %L line number >>>>> %m the message >>>>> %n newline >>>>> >>>>> so if you just changed the conversion pattern to: >>>>> >>>>> value="uniquetext [%p] %c{1}:%L - %m%n" >>>>> >>>>> then you could filter on 'uniquetext' >>>>> >>>>> now, one thing that jumps out at me is that this does not look like a >>>>> regular syslog formatted log, so I expect that if we change it a bit we >>>>> can >>>>> seriously improve things, but I would need to see a log entry created >>>>> with >>>>> this format to be sure. >>>>> >>>>> ideally I'd like to see what rsyslog on the machine that your app is >>>>> sending directly to logs with the format RSYSLOG_DebugFormat >>>>> >>>>> David Lang >>>>> >>>>> ______________________________******_________________ >>>>> rsyslog mailing list >>>>> http://lists.adiscon.net/******mailman/listinfo/rsyslog<http://lists.adiscon.net/****mailman/listinfo/rsyslog> >>>>> <http:**//lists.adiscon.net/**mailman/**listinfo/rsyslog<http://lists.adiscon.net/**mailman/listinfo/rsyslog> >>>>> > >>>>> <http:**//lists.adiscon.net/**mailman/**listinfo/rsyslog<http://lists.adiscon.net/mailman/**listinfo/rsyslog> >>>>> <htt**p://lists.adiscon.net/mailman/**listinfo/rsyslog<http://lists.adiscon.net/mailman/listinfo/rsyslog> >>>>> > >>>>> >>>>>> >>>>>> >>>>>> http://www.rsyslog.com/******professional-services/<http://www.rsyslog.com/****professional-services/> >>>>> <http://**www.rsyslog.com/****professional-services/<http://www.rsyslog.com/**professional-services/> >>>>> > >>>>> <http://**www.rsyslog.com/**professional-**services/<http://www.rsyslog.com/professional-**services/> >>>>> <http:**//www.rsyslog.com/**professional-services/<http://www.rsyslog.com/professional-services/> >>>>> > >>>>> >>>>> >>>>>> >>>>> What's up with rsyslog? Follow https://twitter.com/rgerhards >>>>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a >>>>> myriad >>>>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you >>>>> DON'T LIKE THAT. >>>>> >>>>> >>>>> >>>> >>>> >>>> ______________________________****_________________ >>>> >>> rsyslog mailing list >>> http://lists.adiscon.net/****mailman/listinfo/rsyslog<http://lists.adiscon.net/**mailman/listinfo/rsyslog> >>> <http:**//lists.adiscon.net/mailman/**listinfo/rsyslog<http://lists.adiscon.net/mailman/listinfo/rsyslog> >>> > >>> http://www.rsyslog.com/****professional-services/<http://www.rsyslog.com/**professional-services/> >>> <http://**www.rsyslog.com/professional-**services/<http://www.rsyslog.com/professional-services/> >>> > >>> What's up with rsyslog? Follow https://twitter.com/rgerhards >>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad >>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you >>> DON'T LIKE THAT. >>> >>> >> >> >> >> ______________________________**_________________ > rsyslog mailing list > http://lists.adiscon.net/**mailman/listinfo/rsyslog<http://lists.adiscon.net/mailman/listinfo/rsyslog> > http://www.rsyslog.com/**professional-services/<http://www.rsyslog.com/professional-services/> > What's up with rsyslog? Follow https://twitter.com/rgerhards > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > DON'T LIKE THAT. > -- *Thanks & Regards* *Hanish Bansal* _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
