syslog-ng to remove multiple timestamps
In the configuration below,

@version: 3.17

source s_network {
    udp(
        flags(syslog_protocol)
        keep_hostname(yes)
        keep_timestamp(yes)
        use_dns(no)
        use_fqdn(no)
    );
};

destination d_all_logs {
    file("/app/syslog-ng/custom/output/all_devices.log");
};

log {
    source(s_network);
    destination(d_all_logs);
};

the incoming message is:

[root@machine ~]# tcpdump -v dst port 514
14:41:30.097509 IP (tos 0x0, ttl 243, id 4483, offset 0, flags [none], proto UDP (17), length 127)
    machine2.def.com.49239 > machine.abc.com.syslog: SYSLOG, length: 99
    Facility local7 (23), Severity error (3)
    Msg: 4483: 030842: Oct 30 18:41:30.081 UTC: %SYS-3-DUP_TIMER: Same tty2 in linewatch_timers, type 2

where nslookup machine2.def.com gives 10.69.20.11. It is stored as:

[root@machine ~]# cat /app/syslog-ng/custom/output/all_devices.log | grep "030842: Oct 30 18:41:30.081"
Oct 30 14:41:30 10.69.20.11 030842: Oct 30 18:41:30.081 UTC: %SYS-3-DUP_TIMER: Same tty2 in linewatch_timers, type 2

syslog-ng running on machine appends its own timestamp (Oct 30 14:41:30) to the log file, in addition to the sender's timestamp.

The message should look like:

Oct 30 18:41:30.081 UTC 10.69.20.11 030842: %SYS-3-DUP_TIMER: Same tty2 in linewatch_timers, type 2

What are the changes required in the configuration?

syslog syslog-ng
edited 24 mins ago
asked 49 mins ago
overexchange
1 Answer
For modifying the logs to the format you intend, you edit the syslog-ng.conf file.

You then define an output syslog template. It should be something similar to:

template template_format {
    template("$MSGHDR $HOST $MSG\n");
    template_escape(no);
};

and then apply the template to the destination as in:

destination d_all_logs {
    file("/app/syslog-ng/custom/output/all_devices.log" template(template_format));
};

Do not forget to restart syslog-ng.
answered 20 mins ago
Rui F Ribeiro
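Whatever template is used, it helps to see exactly which fields the rewrite keeps and which it throws away. The Python below is an added example, not code from the question or the answer: it splits the stored line from the question into the collector's timestamp and the device's embedded one, emits the layout the asker wants, and measures the gap between the two stamps; the regexes, the sample line and the assumed year are my own.

```python
import re
from datetime import datetime

# Constructed sample input: the line from the question as syslog-ng wrote it,
# i.e. collector receive time, sender IP, then the device's own message body.
STORED_LINE = ("Oct 30 14:41:30 10.69.20.11 030842: Oct 30 18:41:30.081 UTC: "
               "%SYS-3-DUP_TIMER: Same tty2 in linewatch_timers, type 2")

# Collector prefix: "<Mon dd HH:MM:SS> <host> <message>", the "$DATE $HOST ..."
# layout visible in the stored line.
COLLECTOR_RE = re.compile(
    r"^(?P<rdate>[A-Z][a-z]{2} {1,2}\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) (?P<msg>.*)$")
# Device body: "<seq>: <Mon dd HH:MM:SS[.mmm]> <TZ>: <rest>" (the Cisco-style
# header seen in the tcpdump capture).
DEVICE_RE = re.compile(
    r"^(?P<seq>\d+): (?P<ddate>[A-Z][a-z]{2} {1,2}\d{1,2} \d\d:\d\d:\d\d(?:\.\d+)?) "
    r"(?P<tz>[A-Z]{1,5}): (?P<rest>.*)$")


def split_line(line):
    """Return the two timestamps and the other fields as a dict, or None when
    the body carries no device timestamp (plain messages are left alone)."""
    m = COLLECTOR_RE.match(line)
    if not m:
        return None
    d = DEVICE_RE.match(m.group("msg"))
    if not d:
        return None
    return {"rdate": m.group("rdate"), "host": m.group("host"), **d.groupdict()}


def reformat(line):
    """Rewrite to '<device time> <TZ> <host> <seq>: <text>', the layout the
    question asks for; lines that do not parse are returned unchanged."""
    p = split_line(line)
    if p is None:
        return line
    return f"{p['ddate']} {p['tz']} {p['host']} {p['seq']}: {p['rest']}"


def timestamp_gap_seconds(line, year=2018):
    """Device stamp minus collector stamp, in seconds. Syslog dates carry no
    year, so one is assumed (hypothetical value); the collector stamp is local
    time while the device says UTC, so a whole-hour gap is zone offset, not skew."""
    p = split_line(line)
    if p is None:
        return None

    def parse(s):
        s = " ".join(s.split())  # collapse a space-padded day such as "Oct  3"
        fmt = "%b %d %H:%M:%S.%f" if "." in s else "%b %d %H:%M:%S"
        return datetime.strptime(f"{year} {s}", "%Y " + fmt)

    return (parse(p["ddate"]) - parse(p["rdate"])).total_seconds()
```

On the sample line the gap is four hours plus 81 ms, which is the local-time versus UTC offset; once the collector's own stamp is no longer written to the file, a device whose clock has drifted can no longer be spotted from the log alone, so keep that stamp in some field or destination if the logs feed incident timelines.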