Is it possible to prepend/append/insert a string to syslog? Or syslog-ng? I need to have a unique identifier in the syslog logs that I'm forwarding to a syslog-ng loghost server, but I can't seem to find out if it's possible to insert a string into syslog and/or syslog-ng.
Well, it depends what you're really after. syslog-ng can have templates in the config file where you can take the inbound syslog message and format the log into arbitrary formats, presumably including strings of your own choice, but is this really what you're after? If you're after a way to identify certain clients into a networked syslog server then syslog-ng can easily be configured to do reverse DNS lookups etc... and insert these into the messages. Personally I use syslog to identify a source and write each log to a separate file with the name of the client in it.
I'm using a central Splunk server. I'm pulling auth.* from multiple servers in addition to several Windows servers (using the Snare client) and Cisco devices. I need to insert a unique string (in this case, 'nixlog') on all the *nix servers so syslog-ng applies the correct filter against them to be put into the FIFO I've created for *nix servers (which is then applied to the correct Splunk parser).
Some of the servers have syslog, others have syslog-ng. All could be upgraded to syslog-ng if there is no option for syslog.
It uses templates with syslog-ng. Has anyone else ever done something like this with syslog-ng? Anyone have an idea how to accomplish this with just syslog?
If you're going syslog to syslog, and not able to use logging clients like "logger", then I would encourage you to deliberately use syslog-ng as a standard anyway. Most distros have prepackaged syslog-ng binaries available and they are normally configured to be a 100% syslogd and ksyslog replacement, so there's no reconfiguration work to do unless you've already modified syslogd on the client box. An increasing number of distros are using syslog-ng by default now anyway...
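The template approach discussed in this thread, sketched as an added example that is not from any of the posters: a client-side syslog-ng destination that inserts `nixlog` at the start of the message text, and a loghost filter that routes on it. It assumes syslog-ng 3.x syntax; the hostname `loghost.example.com`, the FIFO path and all object names (`s_local`, `f_auth`, `d_loghost`, `s_net`, `f_nix`, `d_nix_fifo`) are placeholders.

```conf
# ---- client: /etc/syslog-ng/syslog-ng.conf (fragment) ----
# Local log sources (system() picks the platform's native source).
source s_local { system(); internal(); };

# Only the auth.* messages mentioned in the thread are forwarded.
filter f_auth { facility(auth, authpriv); };

# Rebuild the outgoing line by hand so the tag can be inserted.
# ${MSGHDR} is "program[pid]: ", so the tag becomes the first word
# of the message text and the program name stays parseable.
destination d_loghost {
    udp("loghost.example.com" port(514)
        template("<${PRI}>${DATE} ${HOST} ${MSGHDR}nixlog ${MSG}\n"));
};

log { source(s_local); filter(f_auth); destination(d_loghost); };

# ---- loghost: /etc/syslog-ng/syslog-ng.conf (fragment) ----
source s_net { udp(ip(0.0.0.0) port(514)); };

# Match the tag only at the start of the message text, so a log
# line that merely mentions "nixlog" later on is not misrouted.
filter f_nix { message("^nixlog "); };

# Placeholder path for the FIFO the *nix Splunk parser reads from.
destination d_nix_fifo { pipe("/var/run/splunk-nix.fifo"); };

log { source(s_net); filter(f_nix); destination(d_nix_fifo); };
```

The tag is a string asserted by the sender over unauthenticated UDP, so treat it as a routing label only; any host that can reach port 514 can produce it. If the parser choice matters for detection, pair the tag filter with a `netmask()` or `host()` filter on the loghost.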