Submission: Config for checking syslog-ng (and probably other 'regular') syslog files.

walter.brock

12 Jan, 2014 02:28 PM

I have another machine running syslog-ng, which uses the more traditional syslog format when writing to /var/log/messages. So here's the config for that one. Hope someone finds it useful!

"syslog1": { "display" : "Syslog", "path" : "/var/log/messages", "refresh" : 5, "max" : 50, "notify" : false, "format" : { "regex": "|(.*?) ([0-9]{1,2}) ([0-9]{1,2}:[0-9]{1,2}:[0-9]{1,2}) ([a-zA-Z0-9_\\-\\.]{1,256}) ([A-Za-z0-9_\\-\\/\\.]{1,32})\\[(.*?)\\]:(.*)|", "match": { "Date" : 3, "Source" : 4, "Tag_ID" : 5, "PID" : 6, "Message" : 7 }, "types": { "Date" : "date:H:i:s", "Source" : "txt", "Tag_ID" : "txt", "PID" : "numeral", "Message" : "txt" } } }

  1. Support Staff 1 Posted by potsky on 12 Jan, 2014 07:18 PM

    Hi Walter,

    thank you for this contribution!

    Here is the formatted version :

    "syslog1": {
        "display": "Syslog",
        "path": "/var/log/messages",
        "refresh": 5,
        "max": 50,
        "notify": false,
        "format": {
            "regex": "|(.*?) ([0-9]{1,2}) ([0-9]{1,2}:[0-9]{1,2}:[0-9]{1,2}) ([a-zA-Z0-9_\\-\\.]{1,256}) ([A-Za-z0-9_\\-\\/\\.]{1,32})\\[(.*?)\\]:(.*)|",
            "match": {
                "Date": 3,
                "Source": 4,
                "Tag_ID": 5,
                "PID": 6,
                "Message": 7
            },
            "types": {
                "Date": "date:H:i:s",
                "Source": "txt",
                "Tag_ID": "txt",
                "PID": "numeral",
                "Message": "txt"
            }
        }
    }
    

    Could you provide us a sample of a matched log line please?

  2. 2 Posted by walter.brock on 13 Jan, 2014 04:00 PM

    Sorry for the delay, I missed the request for the log sample yesterday.

    Please see attached.

    Have A Great Day!

  3. Support Staff 3 Posted by potsky on 15 Jan, 2014 09:39 AM

    Thank you Walter!

  4. potsky closed this discussion on 15 Jul, 2014 11:13 AM.
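
The regex from this thread run against constructed syslog lines, as an added example that is not part of the original posts. Python's `re` module stands in for the log viewer's own regex engine, and the sample lines, host name and helper names (`parse_line`, `unmatched`) are assumptions. It shows that the `Date` column carries only the time (group 3) and that lines without a `[PID]` part, such as kernel messages, do not match.

```python
import re

# Regex copied from the config in this thread, without the "|" delimiters.
SYSLOG_RE = re.compile(
    r"(.*?) ([0-9]{1,2}) ([0-9]{1,2}:[0-9]{1,2}:[0-9]{1,2}) "
    r"([a-zA-Z0-9_\-\.]{1,256}) ([A-Za-z0-9_\-\/\.]{1,32})\[(.*?)\]:(.*)"
)

# The "match" block from the config: column name -> capture group number.
# Groups 1 (month) and 2 (day) are captured but not mapped to a column.
MATCH = {"Date": 3, "Source": 4, "Tag_ID": 5, "PID": 6, "Message": 7}


def parse_line(line):
    """Return the mapped columns for one log line, or None if it does not match."""
    m = SYSLOG_RE.search(line)
    if m is None:
        return None
    return {column: m.group(group) for column, group in MATCH.items()}


def unmatched(lines):
    """Lines the regex cannot parse; count them so they are not silently lost."""
    return [line for line in lines if parse_line(line) is None]


# Constructed sample lines (not the attachment mentioned in the thread).
SAMPLES = [
    "Jan 12 14:28:01 gw01 sshd[2211]: Failed password for invalid user admin "
    "from 192.0.2.10 port 50122 ssh2",
    # Single-digit day, padded with a second space as classic syslog does.
    "Jan  5 02:03:04 gw01 CRON[913]: (root) CMD (run-parts /etc/cron.hourly)",
    # No "[PID]" after the tag, so the regex has nothing to match "\[" against.
    "Jan 12 14:28:05 gw01 kernel: eth0: link up",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_line(sample))
    print("unmatched:", unmatched(SAMPLES))
```
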
