We are using the log4j SyslogAppender to send our logging statements to syslog-ng. Once the messages are in syslog-ng, we are having trouble getting syslog-ng to recognize that a stacktrace goes with the appropriate logging statement. Thus, when we filter the messages (which we do to separate out ERROR level statements for monitoring alarms) the stacktrace gets lost. Does anyone know if it is possible to do this? We are using the open source version of syslog-ng version 3.1.4 on Gentoo.
Asked
Active
Viewed 1,505 times
3
-
would you mind showing us the syslog-ng configuration (filter & logging) you are using ? – olivierg Oct 15 '21 at 20:14
2 Answers
0
I'm not familiar with Syslog-ng specifically, but I do know that in regular syslog, and in rsyslog, a new line indicates a new message. I think you'd have to strip all the new line characters out of the stack trace for this to work, which would obviously make the stack traces quite difficult to read.
Bart B
- 3,457
- 6
- 31
- 42
-
we were trying to avoid this for the reason you stated of it making the stacktraces difficult to read. – Matt Campbell Aug 10 '12 at 14:36
0
I ended up writing a custom Syslog Appender that puts the proper prefix on each line of the stacktrace so that the stack trace lines can get sorted properly by our syslog filters. It isn't perfect, but it is working well enough.
Matt Campbell
- 183
- 5