How To Add A Tag (Log prefix) To Syslog Entries
Within the syslog-ng client configuration, you can specify the log_prefix() option with the string you wish to prefix to a given log source. The tag has a specific syntax: it must contain a : (colon) and a whitespace after the string (e.g. "VC_APP: ").
Using the vCenter Server as an example, we could add the following tags:
After restarting the syslog-ng client for the changes to go into effect, you can head over to your syslog server to view the updated syslog entries. In the screenshot below, we can see we have log sources from both our VC_APP (vpxd.log) and VC_IS (ds.log) entries as specified in our syslog-ng client configurations.
Note: For newer versions of syslog-ng, program_override() is used instead of log_prefix(). The syntax for that would be program_override("VC_APP").
Syslog-ng Multiline
Log:
2016-03-29 14:43:41.882 ERROR 19823 --- [9091-exec-11485] ....................with root cause
java.lang.IllegalArgumentException: Comparison method violates its general contract!
at java.util.......~[?:1.7.0_79]
at java.util...... ~[?:1.7.0_79]
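# "s_error_log" is a placeholder source name; use your own.
source s_error_log {
    file("/opt/logs/data/error.log"
        follow_freq(1)
        multi-line-mode(regexp)
        # Single quotes: inside double quotes syslog-ng treats the backslash
        # as an escape character, so \d would have to be written as \\d.
        multi-line-prefix('^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}')
    );
};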
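To check a multi-line-prefix() pattern before deploying it, the following Python sketch models prefix-based grouping on constructed log lines. It is an added example, not part of the original post and not syslog-ng's own code; group_records and SAMPLE are illustrative names, and the handling of lines that arrive before the first prefix match is an assumption of this model.

```python
import re

# Same pattern as multi-line-prefix() in the source definition above.
PREFIX = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}")

# Constructed sample modelled on the log excerpt above (not real output).
SAMPLE = [
    "2016-03-29 14:43:41.882 ERROR 19823 --- [exec-1] failed with root cause",
    "java.lang.IllegalArgumentException: Comparison method violates its general contract!",
    "\tat com.example.Sorter.sort(Sorter.java:42) ~[?:1.7.0_79]",
    # Timestamp in the middle of a line: the ^ anchor must keep this line
    # inside the current record instead of starting a new one.
    "Caused by: java.lang.IllegalStateException: skew at 2016-03-29 14:43:41",
    "2016-03-29 14:43:42.010 INFO 19823 --- [exec-2] request served",
]


def group_records(lines, prefix=PREFIX):
    """Fold continuation lines into the record opened by the last prefix match.

    A line matching the prefix closes the open record and starts a new one.
    Lines seen before any prefix match are kept as one record (assumption of
    this model) so that nothing is silently dropped.
    """
    records, current = [], []
    for raw in lines:
        line = raw.rstrip("\n")
        if prefix.search(line) and current:
            records.append("\n".join(current))
            current = []
        current.append(line)
    if current:
        records.append("\n".join(current))
    return records


if __name__ == "__main__":
    for i, rec in enumerate(group_records(SAMPLE), 1):
        print(f"--- record {i} ({rec.count(chr(10)) + 1} lines) ---")
        print(rec)
```

If the stack trace lines come out as separate records here, the pattern does not match the timestamp format of the log and the same split would show up on the syslog server.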