|Main Archive Page > Month Archives > syslog-ng-users archives|
"Patrick H." <firstname.lastname@example.org> writes:
>> I was pondering about how to do this properly. On one hand, extracting
>> the timestamp from the message is easy with patterndb. But converting it
>> to a proper date is a harder task that way (off the top of my head, that
>> would require a way to figure out the bootup time, preferably once only;
>> and a way to format an arbitrary timestamp to a date).
>> Another solution would be to add a flag(parse-kernel-uptime) flag or
>> similar, and implement support for it directly in syslog-ng. This would
>> override the $DATE macros.
>> There's probably other ways to do this, perhaps even easier and more
>> convenient ways. Any other ideas?
> Well I think you'd have to calculate this on every message
> received. If you do something just once like what time the system
> booted, if the system time changes, then values calculated off that
> will be inaccurate.
Hrm, true. I didn't consider moving time.
> Also I question if we need a separate flag. If we just use the
> pre-existing 'kernel' flag, we can assign the calculated time to the
> S_ macros (S_HOUR, S_DATE, etc), and then have R_ macros be the time
> it was read off the line.
Oh, we have a kernel flag? O:)
Then we can reuse that, yes. I'll see if I can come up with something
over the weekend or so.
>>>> 2) I grab all kernel messages with priority of crit or higher and send
>>>> it to the usertty() destination, but this destination doesnt support
>>>> templates. It'd be nice to be able to define the template. I mostly
>>>> just want to change the time format and remove the hostname (since
>>>> these will only come from localhost on my setup).
>>> Anyone volunteering?
>> Unless someone beats me to it, I'll do it, when time permits. But it
>> would be better if someone else stepped up, it's an easy task, and I'll
>> gladly give pointers. You don't even have to know much C!
> I might have time to do this this weekend. I'm the on-call at work
> this week, so I'll be chained to my computer anyway. But I dont know.
> Seems like none of us can figure if we'll have time to do this or not
> :-). So if I do it, I'll just respond to this thread.
-- |8] ______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq