0

I am entirely new to this syslog-ng concept and am trying to log from my application, using syslog-ng levels, into different files.

i.e., LOG_ALERT logs should be generated into the alert.log file and LOG_INFO logs should be generated into the info.log file.

I have tried to modify the syslog-ng.conf file to separate files based on levels, but I am not sure whether the modification I have done is correct.

I had a look at this question, but I am not able to understand the answer: Writing in separate log files

Following is the syslog-ng.conf I have modified:

@version: 3.2
@include "scl.conf"

source s_local {
    system();
    internal();
};

source s_LOG_ALERT {
    system();
    internal();
};


source s_network {
    udp();
};



destination d_local {
    file("/var/log/messages.txt");
};


destination d_LOG_ALERT  {
    file("/var/log/alert.txt");
};


log {

    source(s_LOG_ALERT);
    destination(d_LOG_ALERT);

};




log {
    source(s_local);

    # uncomment this line to open port 514 to receive messages
    #source(s_network);

    destination(d_local);
};

After this modification, I observed that the log is generated entirely in the messages.txt file only, and not in alert.txt.

Following is the sample C code I have used:

    #include <syslog.h>   /* openlog, syslog, LOG_* constants */
    #include <unistd.h>   /* getuid */

    /* Default facility for later syslog() calls is LOG_LOCAL0 */
    openlog("myapp", LOG_CONS | LOG_PID | LOG_NDELAY, LOG_LOCAL0);

    syslog(LOG_ALERT | LOG_LOCAL0, "Alert");

    syslog(LOG_ALERT, "Program started by User %d \n", getuid());
    syslog(LOG_ALERT, "Its the Beginning ");
    syslog(LOG_ALERT, "Hello ALL ");
    syslog(LOG_ALERT, "Its the alert ");
    syslog(LOG_INFO, " Information for all ");
    syslog(LOG_INFO, " Simulation has begin ");

followed by my application code.

Any leads would be very helpful.

2 Answers

1

You need separate log statements for the different log levels, and use filters to route only the appropriate messages into the files. Also, you need to add the flags(final) to the log statements so the messages appear only in one file. Like this:

log {
  source(s_local);
  filter { level("alert") };
  destination(d_LOG_ALERT);
  flags(final);
};
Robert Fekete
  • I have modified it as per your suggestion. After modifying, when I start syslog-ng in Cygwin, the following is the output: The CYGWIN syslog-ng service is starting. The CYGWIN syslog-ng service could not be started. The service did not report an error. More help is available by typing NET HELPMSG 3534. – Srikaran Maheshwaram Feb 14 '18 at 09:27
  • It's possible that version 3.2 does not support defining filters inline. Add this line somewhere above the log{} lines: filter demo_filter { level("alert"); }; And in the log statement, change this: filter { level("alert") }; to this: filter(demo_filter); – Robert Fekete Feb 14 '18 at 11:53
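
The answer above and its follow-up comment combined into one complete configuration, as an added example that is not part of the original answers: it uses named filters (the form the comment suggests for version 3.2) and adds a second path for the info level. The names f_alert, f_info, d_alert and d_info are illustrative, and the alert.log and info.log paths are taken from the question's description.

```conf
@version: 3.2
@include "scl.conf"

# One source for local messages; every log path below references it.
source s_local {
    system();
    internal();
};

# Named filters, defined above the log statements that use them.
# (Illustrative names; the comment above calls its filter demo_filter.)
filter f_alert { level("alert"); };
filter f_info  { level("info"); };

# File names follow the question's description (assumed paths).
destination d_alert { file("/var/log/alert.log"); };
destination d_info  { file("/var/log/info.log"); };
destination d_local { file("/var/log/messages.txt"); };

# Level-specific paths come first. flags(final) stops a matched message
# from being processed by the log statements that follow.
log {
    source(s_local);
    filter(f_alert);
    destination(d_alert);
    flags(final);
};

log {
    source(s_local);
    filter(f_info);
    destination(d_info);
    flags(final);
};

# Catch-all: everything not claimed by a level-specific path above.
log {
    source(s_local);
    destination(d_local);
};
```

Running `syslog-ng --syntax-only -f` with the path of this file reports configuration parse errors directly, which helps when a service wrapper only says that the service could not be started.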
0

If you would like to simplify the above configuration, it is possible with a templated destination file name.

@version: 3.2
@include "scl.conf"

source s_in {
    system();
    internal();
    udp();
};

destination d_log {
     file("/var/log/${LEVEL}.txt");
};


log {
    source(s_in);
    destination(d_log);
};

When the message is written out, the ${LEVEL} macro is evaluated, so no filtering or multiple log paths are required.

You could use multiple macros in the destination file name, such as date-related ones (MONTH, YEAR, ...), or even PROGRAM, HOST.

kokan