[opensuse] Include year in timestamp, in log files (syslog-ng)
Hi list, How can i get the year included in the timestamps of log files ? Currently, the timestamps looks like this (from /var/log/messages): Mar 25 10:40:26 SoliD syslog-ng[1801]: STATS: dropped 0 I would like it to look something like this: Mar 25 2009 10:40:26 SoliD syslog-ng[1801]: STATS: dropped 0 I'm going over some 3-4 year old log files to find some specific events. The filename generated by lograte (which includes the date of when the log file was compressed/archived/rotated), does help a lot, but in the future i would like to be able to just grep for "Jan 23 2005", for example. I'm guessing i need to configure syslog-ng ? I just can't seem to figure out how. Best regards Sylvester Lykkehus -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Sylvester Lykkehus wrote:
Hi list,
How can i get the year included in the timestamps of log files ?
Just write the right template in /etc/syslog-ng/syslog-ng: template("$ISODATE $HOST $MSG\n")
I would like it to look something like this: Mar 25 2009 10:40:26 SoliD syslog-ng[1801]: STATS: dropped 0
Look up the manual for syslog-ng, I'm sure there's a way to add the year like that. /Per -- Per Jessen, Zürich (4.1°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 2009-03-25 13:02, Per Jessen wrote:
Sylvester Lykkehus wrote:
Hi list,
How can i get the year included in the timestamps of log files ?
Just write the right template in /etc/syslog-ng/syslog-ng:
template("$ISODATE $HOST $MSG\n")
I would like it to look something like this: Mar 25 2009 10:40:26 SoliD syslog-ng[1801]: STATS: dropped 0
Look up the manual for syslog-ng, I'm sure there's a way to add the year like that.
/Per
Thanks Per, that gave me a pointer. I'm running 11.0 and have syslog-ng-1.6.12-76.2. There is no mention of template in syslog-ng and syslog-ng.conf man pages, but it gave me something to search on google for, which turned up this: https://lists.balabit.hu/pipermail/syslog-ng/2006-November/009510.html Meaning, i cannot define a template, but i can use it inline on each destination. Thanks again /Sylvester -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wednesday, 2009-03-25 at 13:28 +0100, Sylvester Lykkehus wrote:
There is no mention of template in syslog-ng and syslog-ng.conf man pages,
The manual is in html in the documentation dir. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAknKJsYACgkQtTMYHG2NR9WqawCcDlyGLJ/yZzFgGbRcHqcrL8qE OEoAn1Uma1GDml6sOj/nQWCxkHmdm+i4 =2KAr -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Sylvester Lykkehus wrote:
Thanks Per, that gave me a pointer.
Great!
I'm running 11.0 and have syslog-ng-1.6.12-76.2. There is no mention of template in syslog-ng and syslog-ng.conf man pages, but it gave me something to search on google for, which turned up this: https://lists.balabit.hu/pipermail/syslog-ng/2006-November/009510.html
Meaning, i cannot define a template, but i can use it inline on each destination.
Yep, that's exactly how you use it. /Per -- Per Jessen, Zürich (5.3°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wednesday, 2009-03-25 at 13:02 +0100, Per Jessen wrote:
How can i get the year included in the timestamps of log files ?
Just write the right template in /etc/syslog-ng/syslog-ng:
template("$ISODATE $HOST $MSG\n")
I would like it to look something like this: Mar 25 2009 10:40:26 SoliD syslog-ng[1801]: STATS: dropped 0
Look up the manual for syslog-ng, I'm sure there's a way to add the year like that.
Interesting! I see some samples. /packages/syslog-ng/syslog-ng.txt: destination d_file { file("/var/log/$YEAR.$MONTH.$DAY/messages" template("$HOUR:$MIN:$SEC $TZ $HOST [$LEVEL] $MSG $MSG\n") template_escape(no) ); }; I'll have to play with that. I'd like to setup the default for all logs to something like "20090325 13:39:47" (or 09 instead of 2009, dunno). The above sintaxis seems to be for one file only. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAknKJoUACgkQtTMYHG2NR9UFvwCeNJydCE7juQjocQjf5eJV8sr1 OhoAnRnZZW3TOcan0nzqXwbSZ5Jgbctq =gx/z -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Carlos E. R. wrote:
I'll have to play with that. I'd like to setup the default for all logs to something like "20090325 13:39:47" (or 09 instead of 2009, dunno). The above sintaxis seems to be for one file only.
I find the ISODATE format to be the most useful, but yes, I think you need to set it per destination. Here's what I use in a couple of places: destination nnn { file("/var/log/nnn" template_escape(no) template("$ISODATE $HOST $MSG\n") ); }; /Per -- Per Jessen, Zürich (4.7°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
participants (3)
-
Carlos E. R. -
Per Jessen -
Sylvester Lykkehus