Syslog-NG filtering with tags - RHEL 7.x
Clash Royale CLAN TAG#URR8PPP
up vote
0
down vote
favorite
In the below list of syslog messages:
# tail -9 /var/log/messages
Oct 9 14:15:39 machine1 puppet-agent[14371]: Finished catalog run in 6.68 seconds
Oct 9 14:45:31 machine1 puppet-agent[12234]: The package type's allow_virtual parameter will be changing its default value from false to true in a future release. If you do not want to allow virtual packages, please explicitly set allow_virtual to false.
Oct 9 14:45:31 machine1 puppet-agent[100174]: (at /usr/share/ruby/vendor_ruby/puppet/type.rb:816:in `set_default')
Oct 9 14:45:32 machine1 auditd[1084]: Audit daemon rotating log files
Oct 9 14:45:37 machine1 puppet-agent[100174]: Finished catalog run in 5.71 seconds
Oct 9 15:15:30 machine1 puppet-agent[102964]: The package type's allow_virtual parameter will be changing its default value from false to true in a future release. If you do not want to allow virtual packages, please explicitly set allow_virtual to false.
Oct 9 15:15:30 machine1 puppet-agent[102964]: (at /usr/share/ruby/vendor_ruby/puppet/type.rb:816:in `set_default')
Oct 9 15:15:37 machine1 puppet-agent[102964]: Finished catalog run in 6.31 seconds
Oct 9 15:21:17 machine1 su: (to root) user1 on pts/0
sample tags are puppet-agent[14371], auditd[1084] & su etc...
To filter syslog messages based on tags without process id, we use program filter, as shown below:
filter tag_based program(puppet_agent); ;
But, every tag may or may not be appended with processid, as per above messages.
How to filter tags appended with/without process id?
linux configuration syslog-ng
asked 15 mins ago
overexchange
327212
add a comment |Â
up vote
0
down vote
favorite
In the below list of syslog messages:
# tail -9 /var/log/messages
Oct 9 14:15:39 machine1 puppet-agent[14371]: Finished catalog run in 6.68 seconds
Oct 9 14:45:31 machine1 puppet-agent[12234]: The package type's allow_virtual parameter will be changing its default value from false to true in a future release. If you do not want to allow virtual packages, please explicitly set allow_virtual to false.
Oct 9 14:45:31 machine1 puppet-agent[100174]: (at /usr/share/ruby/vendor_ruby/puppet/type.rb:816:in `set_default')
Oct 9 14:45:32 machine1 auditd[1084]: Audit daemon rotating log files
Oct 9 14:45:37 machine1 puppet-agent[100174]: Finished catalog run in 5.71 seconds
Oct 9 15:15:30 machine1 puppet-agent[102964]: The package type's allow_virtual parameter will be changing its default value from false to true in a future release. If you do not want to allow virtual packages, please explicitly set allow_virtual to false.
Oct 9 15:15:30 machine1 puppet-agent[102964]: (at /usr/share/ruby/vendor_ruby/puppet/type.rb:816:in `set_default')
Oct 9 15:15:37 machine1 puppet-agent[102964]: Finished catalog run in 6.31 seconds
Oct 9 15:21:17 machine1 su: (to root) user1 on pts/0
sample tags are puppet-agent[14371], auditd[1084] & su etc...
To filter syslog messages based on tags without process id, we use program filter, as shown below:
filter tag_based program(puppet_agent); ;
But, every tag may or may not be appended with processid, as per above messages.
How to filter tags appended with/without process id?
linux configuration syslog-ng
asked 15 mins ago
overexchange
327212
add a comment |Â
up vote
0
down vote
favorite
up vote
0
down vote
favorite
In the below list of syslog messages:
# tail -9 /var/log/messages
Oct 9 14:15:39 machine1 puppet-agent[14371]: Finished catalog run in 6.68 seconds
Oct 9 14:45:31 machine1 puppet-agent[12234]: The package type's allow_virtual parameter will be changing its default value from false to true in a future release. If you do not want to allow virtual packages, please explicitly set allow_virtual to false.
Oct 9 14:45:31 machine1 puppet-agent[100174]: (at /usr/share/ruby/vendor_ruby/puppet/type.rb:816:in `set_default')
Oct 9 14:45:32 machine1 auditd[1084]: Audit daemon rotating log files
Oct 9 14:45:37 machine1 puppet-agent[100174]: Finished catalog run in 5.71 seconds
Oct 9 15:15:30 machine1 puppet-agent[102964]: The package type's allow_virtual parameter will be changing its default value from false to true in a future release. If you do not want to allow virtual packages, please explicitly set allow_virtual to false.
Oct 9 15:15:30 machine1 puppet-agent[102964]: (at /usr/share/ruby/vendor_ruby/puppet/type.rb:816:in `set_default')
Oct 9 15:15:37 machine1 puppet-agent[102964]: Finished catalog run in 6.31 seconds
Oct 9 15:21:17 machine1 su: (to root) user1 on pts/0
sample tags are puppet-agent[14371], auditd[1084] & su etc...
To filter syslog messages based on tags without process id, we use program filter, as shown below:
filter tag_based program(puppet_agent); ;
But, every tag may or may not be appended with processid, as per above messages.
How to filter tags appended with/without process id?
linux configuration syslog-ng
asked 15 mins ago
overexchange
327212
In the below list of syslog messages:
# tail -9 /var/log/messages
Oct 9 14:15:39 machine1 puppet-agent[14371]: Finished catalog run in 6.68 seconds
Oct 9 14:45:31 machine1 puppet-agent[12234]: The package type's allow_virtual parameter will be changing its default value from false to true in a future release. If you do not want to allow virtual packages, please explicitly set allow_virtual to false.
Oct 9 14:45:31 machine1 puppet-agent[100174]: (at /usr/share/ruby/vendor_ruby/puppet/type.rb:816:in `set_default')
Oct 9 14:45:32 machine1 auditd[1084]: Audit daemon rotating log files
Oct 9 14:45:37 machine1 puppet-agent[100174]: Finished catalog run in 5.71 seconds
Oct 9 15:15:30 machine1 puppet-agent[102964]: The package type's allow_virtual parameter will be changing its default value from false to true in a future release. If you do not want to allow virtual packages, please explicitly set allow_virtual to false.
Oct 9 15:15:30 machine1 puppet-agent[102964]: (at /usr/share/ruby/vendor_ruby/puppet/type.rb:816:in `set_default')
Oct 9 15:15:37 machine1 puppet-agent[102964]: Finished catalog run in 6.31 seconds
Oct 9 15:21:17 machine1 su: (to root) user1 on pts/0
sample tags are puppet-agent[14371], auditd[1084] & su etc...
To filter syslog messages based on tags without process id, we use program filter, as shown below:
filter tag_based program(puppet_agent); ;
But, every tag may or may not be appended with processid, as per above messages.
How to filter tags appended with/without process id?
linux configuration syslog-ng
linux configuration syslog-ng
asked 15 mins ago
overexchange
327212
asked 15 mins ago
overexchange
327212
asked 15 mins ago
overexchange
327212
asked 15 mins ago
overexchange
327212
asked 15 mins ago
overexchange
327212
327212
add a comment |Â
add a comment |Â
active
oldest
votes
active
oldest
votes
active
oldest
votes
active
oldest
votes
active
oldest
votes
Â
draft saved
draft discarded
Â
draft saved
draft discarded
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f475159%2fsyslog-ng-filtering-with-tags-rhel-7-x%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
