[Sussex] Red Hat Enterprise syslog question
Jon Fautley
jfautley at redhat.com
Thu May 11 10:46:31 UTC 2006
paul.morriss at tokenbay.co.uk wrote:
> Dear all,
>
> I have been trying to find out the log file (syslog) format of Red Hat
> Linux Enterprise Edition. I am aware that it uses a variant of the SYSLOG
> format, unfortunately I have been unable to locate the exact
> specifications of this particular variant. The nearest I have found on the
> website was this log example:
>
> Jul 18 20:51:03 clu1 clufence[30780]: <info> STONITH: rps10 at /dev/ttyS0,\
> port 1 controls clu2
> Jul 18 20:51:17 clu1 clufence[30780]: Port 0 being turned on.
> Jul 18 20:51:17 clu1 clufence[30780]: <notice> STONITH: clu2 is no longer
> fenced off.
> [1] [2] [3] [4] [5]
>
> Each entry in the log file contains the following information:
> • [1] Date and time
> • [2] Hostname
> • [3] Cluster resource or daemon
> • [4] Severity
> • [5] Message
That's a log message from ClusterSuite. If you're not specifically
examining ClusterSuite log files, you shouldn't worry about that page.
>
> This, however, is not an explicit specification and also shows signs of
> inconsistency, with the severity tag missing (when Port 0 is turned on),
> and the date seeming somewhat incomplete. I believe the severity tag is
> configurable through syslog.conf?
The field you've listed as the 'severity' tag, in fact, isn't. This is
the internal ClusterSuite log level - it has nothing to do with syslog.
>
> If anybody can direct me to an explicit technical specification for Red
> Hat Linux Enterprise’s syslog format, it would be appreciated.
It's not Red Hat specific. It's a standard system logger daemon, that
logs in the 'normal' format. Observe:
Red Hat Enterprise Linux 4.3
----------------------------
[root@schnell ~]# uname -a
Linux schnell.gsslab.lhr.redhat.com 2.6.9-34.EL #1 Fri Feb 24 16:44:51
EST 2006 i686 i686 i386 GNU/Linux
[root@schnell ~]# cat /etc/redhat-release
Red Hat Enterprise Linux AS release 4 (Nahant Update 3)
[root@schnell ~]# rpm -q sysklogd
sysklogd-1.4.1-26_EL
[root@schnell ~]# logger -p local7.info -t myapp -i "This is a test message"
[root@schnell ~]# tail -n1 /var/log/messages
May 11 11:46:24 schnell myapp[3494]: This is a test message
Debian Sarge
------------
tardis:~# uname -a
Linux tardis 2.6.12.6-xen0-dead.li-20060326 #2 SMP Sun Mar 26 15:10:46
BST 2006 i686 GNU/Linux
tardis:~# cat /etc/debian_version
3.1
tardis:~# dpkg -p sysklogd|grep Version
Version: 1.4.1-17
tardis:~# logger -p local7.info -t myapp -i "This is a test message"
tardis:~# tail -n1 /var/log/messages
May 11 11:40:47 localhost myapp[26894]: This is a test message
As you can see - the output is the same. Let's break down the line:
May 11 11:46:24 schnell myapp[3494]: This is a test message
[DATE] [ TIME ] [HOST ] [TAG][ PID]: [MESSAGE]
PID is optional - not everything includes it. TAG is generally the
application name, but this can be set to anything you like.
Comparing this to the line you posted:
Jul 18 20:51:17 clu1 clufence[30780]: Port 0 being turned on.
[DATE] [ TIME ] [HN] [ TAG  ][ PID ]: [MESSAGE]
Hope this helps,
/j
--
Jon Fautley RHCE, RHCX <jfautley at redhat.com> direct: +44 1483 739615
Technical Account Manager office: +44 1483 300169
Red Hat UK mobile: +44 7841 558683
10 Alan Turing Road, Surrey Research Park, Guildford, Surrey, GU2 7YF
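
An added example, not part of the original post: a small Python parser for the line layout broken down in the reply above (date, time, host, tag, optional PID, message), which also splits off an application-level prefix such as ClusterSuite's <info> without treating it as a syslog field. The function name, the year parameter and the lines marked as constructed are assumptions made for this example.

```python
import re
from datetime import datetime

# Layout from the post: "Mmm dd hh:mm:ss host tag[pid]: message"; [pid] is optional.
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<tag>[^\s:\[\]]+)"
    r"(?:\[(?P<pid>\d+)\])?"
    r": ?(?P<msg>.*)$"
)
# Application-level prefix inside the message (e.g. ClusterSuite's "<info>").
APP_LEVEL_RE = re.compile(r"^<(?P<level>[a-z]+)> (?P<rest>.*)$")


def parse_line(line, year):
    """Parse one log line; return a dict, or None if the layout does not match."""
    m = LINE_RE.match(line.rstrip("\n"))
    if m is None:
        return None
    # The line carries no year, so the caller supplies one (assumption).
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    msg, app_level = m["msg"], None
    lvl = APP_LEVEL_RE.match(msg)
    if lvl:
        app_level, msg = lvl["level"], lvl["rest"]
    return {
        "time": ts,
        "host": m["host"],
        # The tag is chosen by the sender (logger -t), so it identifies nothing.
        "tag": m["tag"],
        "pid": int(m["pid"]) if m["pid"] else None,
        "app_level": app_level,
        "message": msg,
    }


SAMPLES = [
    "May 11 11:46:24 schnell myapp[3494]: This is a test message",
    "Jul 18 20:51:17 clu1 clufence[30780]: <notice> STONITH: clu2 is no longer fenced off.",
    "Jul 18 20:51:17 clu1 clufence[30780]: Port 0 being turned on.",
    "May 11 11:40:47 localhost myapp: line without a PID",  # constructed
    "this line does not follow the layout",  # constructed
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_line(sample, 2006))
```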