Problem With Facility and severity and apache logs

If you need additional help with phplogcon, write in this forum.

Problem With Facility and severity and apache logs

Postby Prakash » Wed Apr 20, 2011 12:20 pm

I am using Loganalyzer with syslog-ng. I am facing a problem: I am using text data, and Loganalyzer is showing the facility, severity and pid columns empty. Please help. Also, I cannot use rsyslog for my system as I have already prepared syslog-ng. So is there any way or any schema that can match the text data in Loganalyzer? Please help, it's urgent.
Prakash
New
 
Posts: 9
Joined: Wed Apr 20, 2011 12:10 pm

Re: Problem With Facility and severity and apache logs

Postby rgerhards » Wed Apr 20, 2011 1:28 pm

rgerhards
Site Admin
 
Posts: 3806
Joined: Thu Feb 13, 2003 11:57 am

Re: Problem With Facility and severity and apache logs

Postby Prakash » Wed Apr 20, 2011 1:53 pm

Sorry, I can't use a MySQL database. I have already used that, but it was rejected and I was told to use text-based data. I told you I am using text-based data. So please provide me with some syslog configurations that can match the fields of Loganalyzer. The problem is that it's not showing severity, facility and process ID; please see to it. The data I have used is text based, not MySQL, with syslog-ng. And in the Apache logs the URL and bytes sent are showing empty.
Prakash
New
 
Posts: 9
Joined: Wed Apr 20, 2011 12:10 pm

Re: Problem With Facility and severity and apache logs

Postby alorbach » Wed Apr 20, 2011 3:42 pm

I am afraid there is not much we can do. By default Syslog priority / facility is not written into the syslog file. So we cannot display data that is not available. If you can get syslog-ng to output valid RFC5424 data, you can use the new Loganalyzer "Logline" parser called RSyslog Format23 (RFC 5424). This will contain processable Syslog priority and facility for Loganalyzer.

Regarding the apache logs, make sure you configured the apache message parser properly, for more see here:
http://www.mwagent.com/articles/how-to- ... phplogcon/

best regards,
Andre Lorbach
alorbach
Site Admin
 
Posts: 1627
Joined: Thu Feb 13, 2003 11:55 am

Re: Problem With Facility and severity and apache logs

Postby Prakash » Thu Apr 21, 2011 11:17 am

Dear Andre, thanks for replying. I am using syslog-ng itself. Please tell me where I can get these logline parsers and how to implement them. I am new to Loganalyzer, so I don't have much idea about it. Please help me in this regard, on how to use these logline parsers and where to use them. Please reply as soon as you receive this post.

Prakash.
Prakash
New
 
Posts: 9
Joined: Wed Apr 20, 2011 12:10 pm

Re: Problem With Facility and severity and apache logs

Postby Prakash » Thu Apr 21, 2011 11:29 am

Please also tell me how to use message parsers. Do we have to configure them, or directly use them?
Prakash
New
 
Posts: 9
Joined: Wed Apr 20, 2011 12:10 pm

Re: Problem With Facility and severity and apache logs

Postby alorbach » Thu Apr 21, 2011 11:36 am

Please take a look at the loganalyzer documentation; the logline parsers can be selected when you edit a logstream source in loganalyzer:
http://loganalyzer.adiscon.com/doc/

best regards,
Andre Lorbach
alorbach
Site Admin
 
Posts: 1627
Joined: Thu Feb 13, 2003 11:55 am

Re: Problem With Facility and severity and apache logs

Postby Prakash » Thu Apr 21, 2011 12:10 pm

Dear Andre, I did not get anything in the document. Please forward me the exact link where it is written, or tell me the steps.
Prakash
New
 
Posts: 9
Joined: Wed Apr 20, 2011 12:10 pm

Re: Problem With Facility and severity and apache logs

Postby brevius » Fri Aug 10, 2012 8:08 am

Hi,

I'm also playing with syslog-ng and trying to use format23 in Loganalyzer.
I'm trying to use the following template:
template("<$TAG>1 $ISODATE $HOST $PROGRAM -$PID - - $MSG\n");
But it seems only some logs are correctly understood.
Does anybody know how to force syslog-ng to use format23 lines?

Best Regards
Tomasz
brevius
New
 
Posts: 3
Joined: Fri Aug 10, 2012 7:55 am

Re: Problem With Facility and severity and apache logs

Postby brevius » Fri Aug 10, 2012 10:24 am

brevius wrote: I'm also playing with syslog-ng and trying to use format23 in Loganalyzer.


Just for the record ;-) I've found out that the following template in syslog-ng works pretty fine:

template("<$FACILITY_NUM$LEVEL_NUM>1 $ISODATE $HOST $PROGRAM ${PID:--} - - $MSG\n")

t.
brevius
New
 
Posts: 3
Joined: Fri Aug 10, 2012 7:55 am

Re: Problem With Facility and severity and apache logs

Postby brevius » Fri Aug 10, 2012 11:27 am

brevius wrote: template("<$FACILITY_NUM$LEVEL_NUM>1 $ISODATE $HOST $PROGRAM ${PID:--} - - $MSG\n")


I just found :-) in the loganalyzer sources:

if ( preg_match("/<([0-9]{1,3})>([0-9])
...
$arrArguments[SYSLOG_FACILITY] = $out[1] >> 3;
$arrArguments[SYSLOG_SEVERITY] = $out[1] & 0x0007;

So I think a better template for syslog-ng would be:
template("<$PRI>1 $ISODATE $HOST $PROGRAM ${PID:--} - - $MSG\n")
brevius
New
 
Posts: 3
Joined: Fri Aug 10, 2012 7:55 am
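
Added example (not part of the thread and not loganalyzer's own code): the decode below applies the `>> 3` / `& 0x0007` split quoted in the last post to the three templates tried in this thread, and counts which facility/severity pairs each one round-trips. It assumes `$FACILITY_NUM` and `$LEVEL_NUM` expand to decimal numbers and `$TAG` to a two-digit hexadecimal value; the sample line and the function names are constructed.

```python
import re

# Start of the header pattern exactly as quoted from the loganalyzer sources above;
# the rest of that pattern is elided on the page and is not reproduced here.
PRI_VERSION = re.compile(r"<([0-9]{1,3})>([0-9])")

# Constructed sample: everything that follows the <...> field in the template.
REST = "1 2012-08-10T11:27:00+02:00 host1 sshd 4242 - - constructed sample message"

def decode(line):
    """Return (facility, severity) the way the quoted PHP derives them, or None."""
    m = PRI_VERSION.match(line)
    if m is None:
        return None                      # field is not 1-3 decimal digits
    pri = int(m.group(1))
    return pri >> 3, pri & 0x0007

def render(style, facility, severity):
    """Build a line whose <...> field is filled the way each template would fill it."""
    pri = facility * 8 + severity        # RFC 5424 PRIVAL
    if style == "pri":                   # <$PRI>: decimal PRIVAL
        field = str(pri)
    elif style == "concat":              # <$FACILITY_NUM$LEVEL_NUM>: two decimals side by side (assumed)
        field = "%d%d" % (facility, severity)
    elif style == "tag":                 # <$TAG>: two hex digits (assumed)
        field = "%02x" % pri
    else:
        raise ValueError(style)
    return "<%s>%s" % (field, REST)

def misdecoded(style):
    """All (facility, severity) pairs that a template style fails to round-trip."""
    return [(f, s) for f in range(24) for s in range(8)
            if decode(render(style, f, s)) != (f, s)]

if __name__ == "__main__":
    for style in ("pri", "concat", "tag"):
        print(style, "daemon.info ->", decode(render(style, 3, 6)),
              "| wrong for", len(misdecoded(style)), "of 192 pairs")
```

Under these assumptions only the decimal `$PRI` form survives the decode for every pair; the other two parse without error for many lines but report a different facility or severity, which matters when alerts or filters key on those columns.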
