On Wed, May 07, 2003 at 11:01:22AM +0200, Mike Blomgren wrote:
> While we are at it, why doesn't syslog also log which facility and level
> the messages are coming in with?...

Bizarre isn't it? You can filter on those fields within standard
syslogd.conf - but it means you're filtering facility and level based on
filenames.

That's part of the reason I use syslog-ng. You can "template" how the
formatting is done on records. I use:

template("$R_ISODATE $HOST $FACILITY $PRIORITY $MSG\n")

Which produces records like:

2003-05-05T04:15:15+0000 srv.dom.name mail info qmail-scanner[2614]: \
Clear:SA:1(7.6/5.0): 3.35988 1980 qtz253q993dat_private \
userat_private Free_Pay-per-view_Movies \
<0wh$0-it8ys83at_private> 1052108111.2628-0.srv.dom.name:836

We run a global syslog server network - so use the ISO-8601 Date format so
that our timestamps are equally confusing to all IS staff - we're nothing if
we're not a democracy ;-)

--
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
_______________________________________________
LogAnalysis mailing list
LogAnalysisat_private
http://lists.shmoo.com/mailman/listinfo/loganalysis
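
The record layout produced by the template in the message above, parsed back into fields so that facility and level can be filtered on directly. This is an added example, not part of the original message; the alias names, the `select` helper and every sample line except the first (the post's own record, truncated) are assumptions made for illustration.

```python
import re
from datetime import datetime, timezone

# Severity names in syslog order (0 = most severe). The aliases are an
# assumption about what a sender might emit, not something the post states.
LEVELS = {n: i for i, n in enumerate(
    ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"])}
LEVELS.update({"panic": 0, "error": 3, "warn": 4})

# One record = "$R_ISODATE $HOST $FACILITY $PRIORITY $MSG"
RECORD = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (.*)$")

def parse_record(line):
    """Split one templated line into fields; raise ValueError if malformed."""
    m = RECORD.match(line.rstrip("\n"))
    if not m:
        raise ValueError("not a templated record: %r" % line)
    stamp, host, facility, priority, msg = m.groups()
    if priority not in LEVELS:
        raise ValueError("unknown priority: %r" % priority)
    # strptime raises ValueError itself on a bad timestamp.
    received = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%S%z")
    return {"received": received.astimezone(timezone.utc), "host": host,
            "facility": facility, "priority": priority,
            "level": LEVELS[priority], "msg": msg}

def select(lines, facility=None, min_priority="debug"):
    """Yield parsed records for a facility that are at least min_priority."""
    for line in lines:
        try:
            rec = parse_record(line)
        except ValueError:
            continue  # line was not written through the template
        if facility and rec["facility"] != facility:
            continue
        if rec["level"] <= LEVELS[min_priority]:
            yield rec

# First line: the post's record, truncated. The rest are constructed samples.
SAMPLE = [
    "2003-05-05T04:15:15+0000 srv.dom.name mail info qmail-scanner[2614]: Clear:SA:1(7.6/5.0): 3.35988 1980",
    "2003-05-05T04:15:20+0000 gw.example.net auth err sshd[311]: constructed failure message",
    "2003-05-05T04:15:21+0000 gw.example.net kern warning kernel: constructed warning",
    "not a templated record",
]

if __name__ == "__main__":
    for rec in select(SAMPLE, min_priority="warning"):
        print(rec["received"].isoformat(), rec["host"],
              rec["facility"], rec["priority"], rec["msg"])
```
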