Back to your phpLogCon instanceI am currently using:
---
$template DynFile,"/var/log/HOST_LOGS/%HOSTNAME%_%timegenerated:1:10:date-rfc3339%.log"
*.* /var/log/everything
:source , !isequal , "localhost" ?DynFile
---
and its VERY nice!
However, previous syslog messages looked like this:
Sep 9 17:17:38 hostname kernel: klogd 1.4.1, log source = /proc/kmsg started.
Now they are looking like this:
2009-06-08T19:57:53.254434-07:00 hostname kernel: imklog 3.22.0, log source = /proc/kmsg started.
Whis is really causing problems with scripts and monitoring tools.
I tried to mess around with property replacement but I got no where.
How can I replace the timestamps globally from the highres version back to the traditional format of "Sep 9 17:17:38"
Any ideas?
Thanks!
-Thomas
PS I tried using some variations of
%timegenerated:::date-rfc3339%
On its own line in the conf file. I take it this not the proper place/method of doing a global replace.
Errors below:
2009-06-08T20:21:14.664229-07:00 hostname rsyslogd-3000: unknown priority name "" [try http://www.rsyslog.com/e/3000 ]
2009-06-08T20:21:14.664462-07:00 hostname rsyslogd: the last error occured in /etc/rsyslog.conf, line 24
2009-06-08T20:21:14.664536-07:00 hostname rsyslogd: warning: selector line without actions will be discarded
rsyslog.conf question
Moderator: rgerhards
3 posts • Page 1 of 1
Professional Services Information
- Custom written rsyslog.conf?
- Maintenance Contract?
- Installation support?
Re: rsyslog.conf question
by varmojfekoj » Tue Jun 09, 2009 11:06 am
Adding this to your config file might help:
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
See http://www.rsyslog.com/doc-rsyslog_conf_global.html
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
See http://www.rsyslog.com/doc-rsyslog_conf_global.html
- varmojfekoj
- New
- Posts: 9
- Joined: Tue Dec 25, 2007 5:29 pm
RESOLVED- Re: rsyslog.conf question
by Zxin » Tue Jun 09, 2009 10:17 pm
Perfect! Worked like a charm!
Thank you VERY much!
I played around with the RSYSLOG_TraditionalFileFormat, just didn't know where to put it.
It makes perfect sense, however this is a radical departure from the traditional syslog.cong and I am still getting used to things.
Thanks for your time and assistance.
And thanks to all the devs and others who put together this awesome app.
-Thoams
Thank you VERY much!
I played around with the RSYSLOG_TraditionalFileFormat, just didn't know where to put it.
It makes perfect sense, however this is a radical departure from the traditional syslog.cong and I am still getting used to things.
Thanks for your time and assistance.
And thanks to all the devs and others who put together this awesome app.
-Thoams
varmojfekoj wrote:Adding this to your config file might help:
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
See http://www.rsyslog.com/doc-rsyslog_conf_global.html
- Zxin
- New
- Posts: 2
- Joined: Tue Jun 09, 2009 3:45 am
Google Ads
3 posts • Page 1 of 1
Who is online
Users browsing this forum: psbot [Picsearch] and 2 guests
