syslogd: Logfile format (not configuration format)

Posted by chris_l on Server Fault See other posts from Server Fault or by chris_l
Published on 2010-03-22T19:06:32Z Indexed on 2010/03/22 19:11 UTC
Read the original article Hit count: 429

Filed under:

syslogd

|

log-files

Hi,

I'd like to parse logfiles. Is the logfile format of syslogd the same for all systems? On my system (Debian Lenny), it's:

Mar  7 04:22:40 my-host-name ...

(I'm not much interested in the ... part)

Can I rely on this? And is there maybe some more-or-less official description? The manpage of syslogd describes the config format, but not the logfile format.

Ideally, the description would give the fields official names like (date, time, host, entry) or (datetime, hostname, message). Maybe additionally some regular expressions. I'd like to use the names and regexes in my script, to avoid an unnecessary deviation from the standard, and to make sure, that the script runs everywhere.

Thanks

Chris

© Server Fault or respective owner

Related posts about syslogd

How do you enable syslogd to accept incoming connections on Snow Leopard from remote loggers?

as seen on Super User - Search for 'Super User'
How do I get syslogd to accept incoming connections from remote hosts on Snow Leopard? I'd like to centralize logging such that various devices and systems send logs to Snow Leopard's syslogd, which normally hangs out on UDP 514. However, I'm unable to get them to successfully be accepted by good… >>> More
How do you enable syslogd to accept incoming connections on Snow Leopard from remote loggers?

as seen on Super User - Search for 'Super User'
How do I get syslogd to accept incoming connections from remote hosts on Snow Leopard? I'd like to centralize logging such that various devices and systems send logs to Snow Leopard's syslogd, which normally hangs out on UDP 514. However, I'm unable to get them to successfully be accepted by good… >>> More
Understading the output of syslogd -d

as seen on Super User - Search for 'Super User'
What is the meanding of 80, F and X in the following output of syslogd -d? 0: X X X X FF X X X X X FF X X X X X X X X X X X X X X FILE: /var/log/auth.log (unused) 1: FF FF FF FF X FF FF FF FF FF X FF FF FF FF FF FF FF FF FF FF FF FF FF FF FILE: /var/log/syslog (unused) … >>> More
syslogd: Logfile format (not configuration format)

as seen on Server Fault - Search for 'Server Fault'
Hi, I'd like to parse logfiles. Is the logfile format of syslogd the same for all systems? On my system (Debian Lenny), it's: Mar 7 04:22:40 my-host-name ... (I'm not much interested in the ... part) Can I rely on this? And is there maybe some more-or-less official description? The manpage of… >>> More
Hardware error messages from syslogd

as seen on Super User - Search for 'Super User'
I have a 64-core AMD server running CEntOS on which I was running a long job. In the midst of the output, I see these lines. It appears to be a memory error. How severe is this and what exactly does it indicate? Message from syslogd@heracles at Nov 7 21:00:02 ... kernel:[Hardware Error]: MC4_STATUS[Over|CE|MiscV|-|AddrV|-|-|CECC]:… >>> More

Related posts about log-files

Problem with squid log files

as seen on Server Fault - Search for 'Server Fault'
I am using SARG to get a report on the squid log files, I get this result /usr/local/Sarg/bin/sarg -l /usr/local/squid/var/logs/access.log SARG: Records in file: 0, reading: 0.00% SARG: Records in file: 0, reading: 0.00% SARG: Records in file: 0, reading: 0.00% SARG: Records in file: 0, reading:… >>> More
Safe to enable compression C:\WINDOWS\system32\LogFiles

as seen on Server Fault - Search for 'Server Fault'
Will it slow down my website if I enable compression on the C:\WINDOWS\system32\LogFiles directory? These files are slowly but surely chewing away drive space and I'd like to slow the expansion. I'm worried however that this will also slow my websites. >>> More
My linux server time and log files are not the same

as seen on Server Fault - Search for 'Server Fault'
Hi i have installed NTP on my linux server and i am getting my clock from a 6500 core switch, everything is working fine. When i ssh to a switch i have it all sent to a log file on the linux server, this log file does not time stamp with the same time as i have on the server. the date and hwclock… >>> More
Minimizing SQL transaction log file size on developer box running simple recovery model

as seen on Server Fault - Search for 'Server Fault'
We have alot of SQL servers on development environment where we never take backup of the databases (TFS for code is enough). The (SharePoint) databases are all set to simple recovery model, but the log files, especially for the SharePoint configuration database is growing quite large and filling… >>> More
How to write to Tomcat log files

as seen on Stack Overflow - Search for 'Stack Overflow'
What is the easiest way to print out something in a Tomcat Log file. I was under the impression that System.out.println() would print to one of the log files. I just want to print out the value of a string, so the simplest solution would be best. If there is no simple/trivial solution I guess I… >>> More