Comments (9)
template()
is meant to allow you to tell syslog-ng what to treat as $MESSAGE
, pretty much. That it is not documented, is a bug towards the docs team (I'll let them know).
Adding a program template is something to consider. I'll check the code.
from syslog-ng.
I believe template()
is not a very comprehensive name, especially in this case where we need one for each macro. This is why I proposed message_template
(which is not the best either ;-)) in the first place. Thanks for looking into this!
from syslog-ng.
The thing with template()
is that it has been used to change syslog-ng's idea of what $MESSAGE
is since the dawn of time, and it is everywhere. It is, of course, possible to add an alias to make that clear, especially in cases when there are other templatable fields.
from syslog-ng.
deal!
from syslog-ng.
I just checked this. The template()
parameter should be supported by dbparser and it's the same as your message_template()
. Aliasing it is easy.
The program_template()
doesn't exists, yet. Do you think this is dbparser specific or general enough to be supported by all parsers?
from syslog-ng.
program_template seems very specific to dbparser, as others only use one template.
If one were to generalize this, it would probably make more sense to allow for template
to be passed an array, e.g. [$MSG, $PROGRAM, ...]
from syslog-ng.
I think this is a good short term feature. I originally wanted to make
db-parser n dimensional, each making it possible which nvpair it would use
for matching.
But I think we don't want that but rather add this kind of filtering into
the config.
On Dec 2, 2015 4:22 PM, "Fabien Wernli" [email protected] wrote:
program_template seems very specific to dbparser, as others only use one
template.
If one were to generalize this, it would probably make more sense to allow
for template to be passed an array, e.g. [$MSG, $PROGRAM, ...]—
Reply to this email directly or view it on GitHub
#141 (comment).
from syslog-ng.
I'm not 100% sure whether my case apply here as well, but by the overall look of it it seems so. I'm having a structured way of $PROGRAM
name that I need to parse in order to aggregate logs the way I want to. Logs themselves can originate from the same and/or different hosts (multiple instances per host) at the same time, so I went with the following pattern for the $PROGRAM
: app_part1/app_part2/app_part3
. The first two parts are the same for every instance, the differentiating factor is the third part. I wanted to have the following structure in the logs tree: /var/log/app_part1/app_part2.log
-- but in order to be able to do that, I would need to be able to parse $PROGRAM
, which is, to my understanding, currently impossible.
from syslog-ng.
from syslog-ng.
Related Issues (20)
- Support role in s3 destination
- Sending logs to OpenSearch using panos parser produces JSON error in OpenSearch HOT 2
- default-network-drivers() is not getting fortigate logs hostname ($HOST) correctly HOT 4
- stats(healthcheck-freq()) problems HOT 4
- On a stressed system, some logs are not being written to the log file. HOT 2
- openobserve config is incorrect HOT 2
- Syslog-ng stops writing logs to a file from a custom systemd-journald namespace after a server restart HOT 2
- Support aws:kms encryption in the s3 destination
- [4.7.1] can't compile cloud-auth when using libressl HOT 2
- compile error in otel when ipv6 support is disabled
- clang c++ support HOT 1
- trusted-keys: support a secure hash algorithm HOT 1
- Add macro for certificate fingerprint HOT 1
- Unexpected behavior with multiple conditions including 'not' in the filter HOT 4
- There is no problem starting syslog-ng, but Verify reports an error. HOT 1
- OpenTelemetry/OTLP: add support for certificate pinning, like with `trusted-keys()` HOT 3
- Config failing with kafka and template HOT 3
- syslog-ng 3.24.1 sometimes crash in log_pipe_queue HOT 2
- libcloud-auth is underlinked HOT 1
- Fuzzing discovery HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from syslog-ng.