LinuxQuestions.org


Ransak 10-25-2006 09:33 AM

Insert a string to Syslog?
 
Is it possible to prepend/append/insert a string to syslog? Or syslog-ng? I need to have a unique identifier in the syslog logs that I'm forwarding to a syslog-ng loghost server, but I can't seem to find out if it's possible to insert a string into syslog and/or syslog-ng.

acid_kewpie 10-25-2006 09:39 AM

Well, it depends what you're really after. syslog-ng can have templates in the config file where you can take the inbound syslog message and format the log into arbitrary formats, presumably including strings of your own choice, but is this really what you're after? If you're after a way to identify certain clients into a networked syslog server then syslog-ng can easily be configured to do reverse DNS lookups etc. and insert these into the messages. Personally I use syslog to identify a source and write each log to a separate file with the name of the client in it.

Ransak 10-25-2006 09:59 AM

I'm using a central Splunk server. I'm pulling auth.* from multiple servers in addition to several Windows servers (using the Snare client) and Cisco devices. I need to insert a unique string (in this case, 'nixlog') on all the *nix servers so syslog-ng applies the correct filter against them to be put into the FIFO I've created for *nix servers (which is then applied to the correct Splunk parser).

Some of the servers have syslog, others have syslog-ng. All could be upgraded to syslog-ng if there is no option for syslog.

Ransak 10-25-2006 01:08 PM

I did find this after some searching:

https://lists.balabit.hu/pipermail/s...ry/008385.html

It uses templates with syslog-ng. Has anyone else ever done something like this with syslog-ng? Anyone have an idea how to accomplish this with just syslog?

acid_kewpie 10-26-2006 03:51 AM

If you're going syslog to syslog, and not able to use logging clients like "logger", then I would encourage you to deliberately use syslog-ng as a standard anyway. Most distros have prepackaged syslog-ng binaries available and they are normally configured to be a 100% syslogd and ksyslog replacement, so there's no reconfiguration work to do unless you've already modified syslogd on the client box. An increasing number of distros are using syslog-ng by default now anyway...
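The template approach discussed in this thread, as an added example that is not part of any poster's message: a syslog-ng client that tags forwarded auth messages with 'nixlog', and a loghost that routes tagged messages into a FIFO. The host name `loghost.example.com`, the FIFO path, the allowed subnet and all object names (`s_local`, `d_loghost`, `f_nix`, ...) are assumptions, and the syntax is that of current syslog-ng 3.x/4.x releases (older releases use `udp()` in place of `network()`).

```conf
# --- client: /etc/syslog-ng/syslog-ng.conf (fragment) ---
# Put the @version line matching the installed syslog-ng at the top of the file.
source s_local { system(); internal(); };

# Forward only auth.* as described in the thread.
filter f_auth { facility(auth, authpriv); };

destination d_loghost {
    network("loghost.example.com"        # assumed loghost name
        transport("udp") port(514)
        # Rebuild the BSD syslog line and place the tag at the start of the
        # message body, after the "program[pid]: " header, so the receiver
        # still parses PROGRAM and PID normally.
        template("<${PRI}>${DATE} ${HOST} ${MSGHDR}nixlog ${MESSAGE}\n")
    );
};

log { source(s_local); filter(f_auth); destination(d_loghost); };


# --- loghost: /etc/syslog-ng/syslog-ng.conf (fragment) ---
source s_net { network(transport("udp") port(514)); };

# Match the tag only at the start of the parsed message body.
filter f_nix { message("^nixlog "); };

# The tag is set by the sender, so also require a known client range
# (assumed subnet) before trusting it for routing.
filter f_nix_clients { netmask("192.0.2.0/24"); };

destination d_nix_fifo { pipe("/var/run/nixlog.fifo"); };   # assumed FIFO path

log {
    source(s_net);
    filter(f_nix);
    filter(f_nix_clients);
    destination(d_nix_fifo);
};
```

Run `syslog-ng --syntax-only` on each host to check the configuration before reloading.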


All times are GMT -5.