On Mon, Oct 27, 2003 at 06:46:38PM +0100, Rainer Gerhards wrote:
> The sysklogd package that comes with (many/most/some?) Linuxes does NOT
> support this. Also, "-v" spits out version information with it. I just
> checked the source. Patching shouldn't be terribly bad (modify logmsg()

No need - just get syslog-ng and change the template to something like we use:

    destination d_messages {
        file("/var/log/messages"
            template("$R_ISODATE $HOST $FACILITY $PRIORITY $MSG\n")
            template_escape(no)
            ...
        );
    };

Note: be wary of the "$R_ISODATE" - that makes timestamps like
"2003-10-28T03:17:34+0000" - which is great in our multi-national
environment - but breaks most syslog output parsers out there :-( You'd
probably want to stick to the standard "$DATE" or "$FULLDATE" variable
instead.
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis
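
Added example (not part of the original message): a parser for lines written with the template above that accepts both the "$R_ISODATE" stamp and the traditional "$DATE" stamp and normalises them to UTC, which is the step most parsers built for the BSD-style stamp lack. The function name, the assumed_year and assumed_tz parameters, and the sample lines are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# ISO 8601 stamp as written by $R_ISODATE, e.g. 2003-10-28T03:17:34+0000
ISO_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}[+-]\d{2}:?\d{2}) (.*)$")
# Traditional stamp as written by $DATE, e.g. "Oct 28 03:17:34" (no year, no zone)
BSD_RE = re.compile(
    r"^([A-Z][a-z]{2}) {1,2}(\d{1,2}) (\d{2}):(\d{2}):(\d{2}) (.*)$")
MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), 1)}


def parse_line(line, assumed_year, assumed_tz=timezone.utc):
    """Parse '<stamp> $HOST $FACILITY $PRIORITY $MSG' into a dict, time in UTC."""
    m = ISO_RE.match(line)
    if m:
        # The ISO stamp is self-describing: year and offset come from the line.
        when = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S%z")
        rest = m.group(2)
    else:
        m = BSD_RE.match(line)
        if not m or m.group(1) not in MONTHS:
            raise ValueError("unrecognised timestamp: %r" % line[:32])
        mon, day, hh, mm, ss, rest = m.groups()
        # The BSD stamp has neither year nor offset; the caller must assume both.
        when = datetime(assumed_year, MONTHS[mon], int(day),
                        int(hh), int(mm), int(ss), tzinfo=assumed_tz)
    fields = rest.split(" ", 3)
    if len(fields) != 4:
        raise ValueError("expected host, facility, priority, message")
    host, facility, priority, msg = fields
    return {"time": when.astimezone(timezone.utc), "host": host,
            "facility": facility, "priority": priority, "msg": msg}


# Constructed sample lines (not real log data): one instant, three renderings.
SAMPLE = [
    "2003-10-28T03:17:34+0000 gw1 auth info sshd[412]: Accepted password for alice",
    "2003-10-28T16:17:34+1300 gw2 auth info sshd[977]: Accepted password for alice",
    "Oct 28 03:17:34 gw3 auth info sshd[101]: Accepted password for alice",
]

if __name__ == "__main__":
    for line in SAMPLE:
        rec = parse_line(line, assumed_year=2003)
        print(rec["time"].isoformat(), rec["host"], rec["msg"])
```

Only the first two lines can be placed on a timeline without outside knowledge; the third is correct only if the assumed year and zone match the host that wrote it.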