Mailinglist Archive: opensuse (3566 mails)
Re: [opensuse] Need help creating a syslog -ng config file to perform a Syslog Daemon's Work.
- From: Registration Account <alpha096@xxxxxxxxxx>
- Date: Mon, 23 Apr 2007 05:17:22 +1000
- Message-id: <462BB4C2.2050005@xxxxxxxxxx>
Dear Carlos,
With your already wonderful script I can log the file as
received; however, as I am aware of the RFC which defines syslog rules
and conventions found at
http://www.faqs.org/rfcs/rfc3164.html
I need to substitute the value in <?> for the following before the log is created.
This is where we get the definitions of
Where the number enclosed by < > is equal to
0 Emergency: system is unusable
1 Alert: action must be taken immediately
2 Critical: critical conditions
3 Error: error conditions
4 Warning: warning conditions
5 Notice: normal but significant condition
6 Informational: informational messages
7 Debug: debug-level message
Within standard syslog information as I quoted
[2007-04-21 17:31:55] *<6>*EFW: ALG: prio=1 algmod=http algsesid=70500
action=close reason=backlisted_url..........
In the above this represents an Informational event. If it were to be a 4 this would substitute the word 'warning'. As ALL syslog messages conform to at least these 2 mandatory fields, can I incorporate your code and see any value enclosed in *< >* and have it substitute for the correct Event Title? Normal expectations of messages are about 38,000 mph - again dependent on staff numbers.
I am in the process of building a dedicated Linux PC to perform just this function. Under normal usage you would expect up to 38,000 messages per hour during heavy traffic. Hence I have a management model to do all the statistical work and trends. (Linux)
After I succeed I will be happy to provide the result. There is an
enormous requirement for a Linux Syslog. If you wish you may wish to
publish on web.
Kind Regards
Scott :-)
Carlos E. R. wrote:
>
> The Sunday 2007-04-22 at 07:47 +1000, Registration Account wrote:
>
> > Those few lines of code are just what I need. Yes of course I can use
> > KsystemLog - it's all set up to chase the file as it grows by the
> > millisecond and has a wide application use. An Xterm will not offer as
> > much I feel.
>
> Oh, yes, xterm is much faster than any other gui app. Try, leave an xterm
> with "tailf logfile".
>
>
> > With respect to the substitution of the Priority codes below in place of
> > the value contained in the string below as <?> is that also as easy to
> > achieve.
>
> I'm not sure what you want there... syslog has standard priority values,
> but the priority is not printed, it's just used to filter them out to
> different destination files if wanted.
>
> For instance:
>
> filter f_mailinfo { level(info) and facility(mail); };
> filter f_mailwarn { level(warn) and facility(mail); };
> filter f_mailerr { level(err, crit) and facility(mail); };
> filter f_mail { facility(mail); };
> filter f_myemail { level(notice) and facility(mail) and not
> (program("amavis") and match("Passed CLEAN,")); }; # info or notice
>
>
> ...
>
> destination maildebug { file("/var/log/mail.debug" ); };
> log { source(src); filter(f_mail); destination(maildebug); };
>
>
> log { source(src); filter(f_myemail); destination(mail); };
> log { source(src); filter(f_mail); destination(mail); };
>
>
>
> The "/var/log/mail.debug" file will contain all the mail messages of any
> level, but the "/var/log/mail" will only contain those of level "notice"
> and higher importance, except those coming from the program "amavis"
> with certain string.
>
> But I don't know how to insert an arbitrary string indicating the level;
> for that I think you will need to hack the syslog-ng code.
>
>
>
> > Please let me know where to send chocolate!
>
> Ugh, I have half a kilo downstairs I shouldn't even look at... leave
> it as virtual ;-)
>
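The substitution asked about in this message, as an added example (not code from the thread): a Python filter that replaces the `<n>` field of each line with the severity name from the table above. It goes beyond the 0-7 values listed by also decoding full RFC 3164 PRI values, where the severity is the PRI modulo 8; the function name `label_priority` and the sample line in the comments are constructed for illustration.

```python
import re
import sys

# Severity names in the order of the table quoted in the message
# (RFC 3164 section 4.1.1), indexed by severity code 0..7.
SEVERITIES = ("Emergency", "Alert", "Critical", "Error",
              "Warning", "Notice", "Informational", "Debug")

# A PRI field is "<" + 1..3 decimal digits + ">". RFC 3164 defines
# PRI = facility * 8 + severity, so the largest legal value is 23*8+7 = 191.
PRI_RE = re.compile(r"<(\d{1,3})>")
MAX_PRI = 23 * 8 + 7


def label_priority(line: str) -> str:
    """Replace the first <PRI> field in `line` with its severity name.

    Only the first match is replaced, so a second "<n>" later in the
    message body is left untouched. A value above 191 is not a legal
    PRI and is kept as raw text rather than mapped to a misleading name.
    """
    def repl(match: re.Match) -> str:
        pri = int(match.group(1))
        if pri > MAX_PRI:
            return match.group(0)
        # The low three bits of PRI are the severity code.
        return f"[{SEVERITIES[pri % 8]}] "

    return PRI_RE.sub(repl, line, count=1)


if __name__ == "__main__":
    # Works as a pipe stage, e.g. fed from a growing log file.
    # Constructed sample input, modelled on the line quoted above:
    #   [2007-04-21 17:31:55] <6>EFW: ALG: prio=1 algmod=http
    for raw in sys.stdin:
        sys.stdout.write(label_priority(raw))
        sys.stdout.flush()  # keep up with a live feed instead of buffering
```
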