* Gerardo Amaya <joseg@private>
> Hello all. I've been trying to analyze syslog messages from Watchguard
> and NetScreen boxes. I'm trying to parse the content; I can get a lot
> of values from the messages, but the value that I can't find anywhere
> is the severity (not even the facility). The content of the message is
> very rich, but I have not figured out how to get the severity. I see
> that syslog messages from both boxes start with <digit>; is that the
> severity and the facility? Where can I find these values?
To tear apart the syslog protocol, have a look at this script:
http://sial.org/code/perl/scripts/syslog_snarf.pl
Most syslogd strip the facility and priority information. Some syslogd
offer options to add these flags to the logfiles (-v -v on FreeBSD?) and
others, such as syslog-ng, let you template the output:
destination messages {
    file("/var/log/archive/messages/$R_YEAR/$R_MONTH/$R_YEAR-$R_MONTH-$R_DAY"
         template("$ISODATE <$FACILITY.$PRIORITY> $HOST $MSG\n")
         template_escape(no)
    );
};
For more information on syslog-ng, see:
http://sial.org/howto/logging/syslog-ng/
_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2.1.3 : Wed Sep 28 2005 - 11:41:11 PDT
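As an added example (not from the original post, the syslog_snarf.pl script, or syslog-ng), a small Python parser for the two places the thread says the priority survives: the raw `<N>` prefix the firewalls send, where N is the RFC 3164 PRI value (facility * 8 + severity), and the `<facility.severity>` text written by the syslog-ng template above. The sample lines are constructed, and the facility names for codes 12-15 follow syslog-ng's own table.

```python
import re
from typing import Optional, Tuple

# Facility (0-23) and severity (0-7) names indexed by numeric code.
# Codes 12-15 are named as syslog-ng names them; other syslogds may differ.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "security", "console",
              "solaris-cron", "local0", "local1", "local2", "local3", "local4",
              "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

PRI_RE = re.compile(r"^<(\d{1,3})>")            # raw wire form: <134>...
NAMED_RE = re.compile(r"<([a-z0-9-]+)\.([a-z]+)>")  # syslog-ng template form


def decode_pri(pri: int) -> Tuple[str, str]:
    """Split a numeric PRI into (facility, severity); PRI = facility * 8 + severity."""
    if not 0 <= pri <= 191:                       # 23 * 8 + 7 is the largest legal value
        raise ValueError(f"PRI out of range: {pri}")
    return FACILITIES[pri // 8], SEVERITIES[pri % 8]


def parse(line: str) -> Optional[Tuple[str, str]]:
    """Return (facility, severity) for a raw message or a templated log line,
    or None when the syslogd has already stripped the information."""
    m = PRI_RE.match(line)
    if m:
        return decode_pri(int(m.group(1)))
    m = NAMED_RE.search(line)
    if m and m.group(1) in FACILITIES and m.group(2) in SEVERITIES:
        return m.group(1), m.group(2)
    return None


# Constructed sample lines (not captured from real devices).
SAMPLE_WIRE = "<134>Sep 28 11:41:11 fw1: NetScreen device_id=fw1 system-notification-00257(traffic): start_time=... duration=0"
SAMPLE_TEMPLATED = "2005-09-28T11:41:11 <local0.info> fw1 NetScreen device_id=fw1 system-notification-00257(traffic)"
SAMPLE_STRIPPED = "Sep 28 11:41:11 fw1 NetScreen device_id=fw1 system-notification-00257(traffic)"

if __name__ == "__main__":
    for sample in (SAMPLE_WIRE, SAMPLE_TEMPLATED, SAMPLE_STRIPPED):
        print(parse(sample), "<-", sample[:40])
```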