Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Format of messages at /var/log/messages
- Thread starter ddrillich
- Start date
Annihilannic
MIS
The format of messages in /var/log/messages is generally controlled by the syslogd (system logger daemon). If it is a "classic" version it will use /etc/syslogd.conf, which defines where each type of message is logged. If is a "new generation" version it will probably use configuration files in the /etc/syslog-ng directory.
You can experiment using the logger command. Something like logger "this is a test" should result in a line similar to this in the system log:
With the classic system logger the format isn't usually very configurable. The new generation one (which I don't know very well) presumably lets you change all sorts of stuff...
Annihilannic.
You can experiment using the logger command. Something like logger "this is a test" should result in a line similar to this in the system log:
Code:
Feb 12 09:37:51 somesystem joeuser: this is a testWith the classic system logger the format isn't usually very configurable. The new generation one (which I don't know very well) presumably lets you change all sorts of stuff...
Annihilannic.
I can attest to the flexibility of syslog-ng. I really prefer it over classic syslog.
For instance, I can specify the output of the log using variable substitution.
My output looks like so
With my current set up I do not need to rotate my logs at all. I just have my system configured to use syslog-ng's facilities and it rotates the log files automatically. I use a cron job to link /var/log/messages to the current log file at the beginning of each day.
Of course there are a few packages that keep their own log files so those use logrotate. But I've been playing with using named pipes and having syslog-ng pickup the data. So far it's been working like a charm. I just need to identify all the loose ends to have a truly one log daemon system.
And it really helps with a centralized logging set up.
For instance, I can specify the output of the log using variable substitution.
Code:
source src_localhost { unix-stream("/dev/log"); internal(); pipe("/proc/kmsg"); };
destination localhost_messages { file("/var/log/$R_YEAR/$R_MONTH/$R_YEAR-$R_MONTH-$R_DAY.localhost"
template("$ISODATE <$FACILITY.$PRIORITY> $HOST $MSG\n")
template_escape(no) );
};
log { source(src_localhost); destination(localhost_messages); };
Code:
2010-02-11T17:50:01-07:00 <cron.info> donbot cron[2541]: (root) CMD (test -x /usr/sbin/run-crons && /usr/sbin/run-crons )Of course there are a few packages that keep their own log files so those use logrotate. But I've been playing with using named pipes and having syslog-ng pickup the data. So far it's been working like a charm. I just need to identify all the loose ends to have a truly one log daemon system.
And it really helps with a centralized logging set up.
elgrandeperro
Technical User
Yeah, please don't write your own logformat and append it to the log file.
By letting syslog handle it, you can route it pretty much as you wish. All you have to do is figure out loglevels and
priorities. There is no standard after that.
Almost all programming languages have some interface to syslog (perl,shell(logger),c) on unix.
By letting syslog handle it, you can route it pretty much as you wish. All you have to do is figure out loglevels and
priorities. There is no standard after that.
Almost all programming languages have some interface to syslog (perl,shell(logger),c) on unix.
- Thread starter
- #5
- Status