Syslog-NG filtering with tags - RHEL 7.x
In the below list of syslog messages:
# tail -9 /var/log/messages
Oct 9 14:15:39 machine1 puppet-agent[14371]: Finished catalog run in 6.68 seconds
Oct 9 14:45:31 machine1 puppet-agent[12234]: The package type's allow_virtual parameter will be changing its default value from false to true in a future release. If you do not want to allow virtual packages, please explicitly set allow_virtual to false.
Oct 9 14:45:31 machine1 puppet-agent[100174]: (at /usr/share/ruby/vendor_ruby/puppet/type.rb:816:in `set_default')
Oct 9 14:45:32 machine1 auditd[1084]: Audit daemon rotating log files
Oct 9 14:45:37 machine1 puppet-agent[100174]: Finished catalog run in 5.71 seconds
Oct 9 15:15:30 machine1 puppet-agent[102964]: The package type's allow_virtual parameter will be changing its default value from false to true in a future release. If you do not want to allow virtual packages, please explicitly set allow_virtual to false.
Oct 9 15:15:30 machine1 puppet-agent[102964]: (at /usr/share/ruby/vendor_ruby/puppet/type.rb:816:in `set_default')
Oct 9 15:15:37 machine1 puppet-agent[102964]: Finished catalog run in 6.31 seconds
Oct 9 15:21:17 machine1 su: (to root) user1 on pts/0
Sample tags are puppet-agent[14371], auditd[1084], su, etc.

To filter syslog messages based on tags without a process ID, we use the program filter, as shown below:

filter tag_based { program("puppet-agent"); };

But every tag may or may not be appended with a process ID, as in the messages above. How do I filter tags with or without an appended process ID?
linux configuration syslog-ng
asked 15 mins ago
overexchange
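The point the question turns on is how syslog-ng splits the BSD-syslog header: for a line such as `puppet-agent[14371]: Finished catalog run`, the text before the bracket lands in the `$PROGRAM` macro and the bracketed number in `$PID`, while `su: (to root) ...` yields `$PROGRAM` = `su` with an empty `$PID`. The `program()` filter is a regular-expression match against `$PROGRAM` only, so a single `filter f_puppet { program("^puppet-agent$"); };` selects both forms, and `tag_based` as written in the question should simply use the real program name `puppet-agent`. The script below is an added example, not code from the question or from syslog-ng: it reproduces that header split in Python over constructed sample lines (taken from the question plus one invented `puppet-agent` line without a PID) and applies a `program()`-style predicate to them, so you can see which records a given pattern would select before touching the live configuration. Names such as `parse_syslog_line` and `program_filter` are this example's own.

```python
import re
from typing import Callable, Dict, List, Optional

# Constructed sample input: lines from the question, plus a final invented
# line from the same program that carries no "[pid]" part.
SAMPLE_LINES: List[str] = [
    "Oct 9 14:15:39 machine1 puppet-agent[14371]: Finished catalog run in 6.68 seconds",
    "Oct 9 14:45:32 machine1 auditd[1084]: Audit daemon rotating log files",
    "Oct 9 14:45:37 machine1 puppet-agent[100174]: Finished catalog run in 5.71 seconds",
    "Oct 9 15:21:17 machine1 su: (to root) user1 on pts/0",
    "Oct 9 15:21:18 machine1 puppet-agent: agent started",  # constructed: no PID
]

# BSD-syslog layout "<month> <day> <time> <host> <tag>[<pid>]: <msg>".
# The "[<pid>]" group is optional, which is exactly what makes the PID
# irrelevant to matching on the program name: the tag text before the
# bracket becomes "program", the bracketed digits (if any) become "pid".
HEADER_RE = re.compile(
    r"^(?P<timestamp>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<program>[^\s\[:]+)"
    r"(?:\[(?P<pid>\d+)\])?: "
    r"(?P<message>.*)$"
)


def parse_syslog_line(line: str) -> Optional[Dict[str, Optional[str]]]:
    """Split one line into timestamp/host/program/pid/message.

    Returns None for lines that do not look like BSD syslog. 'pid' is None
    when the tag had no "[pid]" suffix (the su line in the sample).
    """
    m = HEADER_RE.match(line)
    return m.groupdict() if m else None


def program_filter(pattern: str) -> Callable[[Dict[str, Optional[str]]], bool]:
    """Build a predicate modelled on syslog-ng's program() filter.

    Like program(), it is a regex search against the program field alone;
    the PID never takes part, and an unanchored pattern such as "su" would
    also match "sudo", so anchor with ^...$ when you mean a whole name.
    """
    rx = re.compile(pattern)

    def predicate(record: Dict[str, Optional[str]]) -> bool:
        return rx.search(record["program"] or "") is not None

    return predicate


def filter_lines(lines: List[str], pattern: str) -> List[Dict[str, Optional[str]]]:
    """Parse each line and keep the records whose program matches pattern."""
    keep = program_filter(pattern)
    records = []
    for line in lines:
        rec = parse_syslog_line(line)
        if rec is not None and keep(rec):
            records.append(rec)
    return records


if __name__ == "__main__":
    # Usage: the same anchored pattern you would put in program() selects
    # puppet-agent lines with and without a PID; su is untouched.
    for rec in filter_lines(SAMPLE_LINES, r"^puppet-agent$"):
        print(rec["program"], rec["pid"], rec["message"])
```

Two things carry over directly to the syslog-ng configuration: the pattern is matched against the program name with the PID already stripped, so no bracket handling belongs in the filter, and because `program()` is a regex, `program("su")` would also catch `sudo`; write `program("^su$")` when a whole name is meant. If the PID is wanted in the output, it is still available to the destination as the `$PID` macro.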