Re: syslog

2017-09-19 Thread Remco Post
Hi all,

for those of us who are interested, I haven’t been able to confirm, but IBM support told me the syslog facility is ’USER’, for better/easier filtering.

> On 24 Aug 2017, at 17:35, Shawn Drew wrote:
>
> Right, when trying to figure this out I tried all the local

Re: syslog

2017-08-24 Thread Remco Post
Maybe I'll open a call with IBM to find out, let them work for the support contract.. ;-)

Sent from my iPhone

> On 24 Aug 2017, at 17:35, Shawn Drew wrote:
>
> Right, when trying to figure this out I tried all the local facilities but

Re: syslog

2017-08-24 Thread Shawn Drew
*rsyslog syntax

Re: syslog

2017-08-24 Thread Shawn Drew
Right, when trying to figure this out I tried all the local facilities but couldn't find the TSM messages. I gave up on the facilities when I found the rsync syntax.

On Aug 24, 2017, 3:48 AM -0400, Remco Post wrote:
> Hi Shawn,
>
> great! thanks! This is really useful. I guess

Re: syslog

2017-08-24 Thread Remco Post
Hi Shawn,

great! thanks! This is really useful. I guess only IBM knows what syslog facility is being used…

> On 24 Aug 2017, at 02:29, Shawn Drew wrote:
>
> I think this syntax is specific to rsyslog (which you probably have)
> When you put it in the conf, make sure it is

Re: syslog

2017-08-23 Thread Shawn Drew
I think this syntax is specific to rsyslog (which you probably have)
When you put it in the conf, make sure it is above the line for the messages file

if $programname == 'dsmserv' and not ($msg contains 'REPORTING_ADMIN') and not ($msg contains 'ANR8592I') then /var/log/dsmserv.log
&

Re: syslog

2017-08-23 Thread Remco Post
Tell me more, please. I'm quite sure that there is Splunk in my future as well, can you share your syslog config?

--
Remco Post
re...@plcs.nl
06-248 21 622

> On 23 Aug 2017, at 19:12, Shawn Drew wrote:
>
> Yes, they ninja-added this in 7.1.4
> I

Re: syslog

2017-08-23 Thread Shawn Drew
Yes, they ninja-added this in 7.1.4
I enabled it and now I can collect all TSM actlogs and use syslog to forward to splunk without a splunk agent and without the weird formatting of the filetextexit. I wish they had this on all the architectures. You can use the syslog utilities to do filtering