
SYSLOG_TO_SVCLOG(8) Diagnostic Tools SYSLOG_TO_SVCLOG(8)

NAME

syslog_to_svclog - log syslog messages to servicelog

SYNOPSIS

syslog_to_svclog [ -b begin_time ] [ -e end_time | -F ]
[ -m message_file | -M ] [ -C catalog_dir ] [ -h ] [ -d ]

DESCRIPTION

The syslog_to_svclog command reads the specified message file (defaults to stdin), which should be in the format produced by the syslogd daemon. For each line that matches a message documented in the message catalog, syslog_to_svclog logs an event to the servicelog database, as appropriate. Typically, syslog_to_svclog logs only warning and error messages to servicelog, not debug or informational messages.

When /var/log/messages or /var/log/syslog is the message file, syslog_to_svclog maintains a little "last-message" file that contains a copy of the last line read from /var/log/messages or /var/log/syslog that matched a message from the message catalog. When a subsequent instance of syslog_to_svclog begins reading from /var/log/messages or /var/log/syslog, and no -b option is specified, syslog_to_svclog begins with the next message after the one in the "last message" file. The intent is to avoid logging the same event to servicelog multiple times.

OPTIONS

-b begin_time
Ignore messages with timestamps prior to begin_time. See "Timestamps."

-C catalog_dir
Use the message catalog in catalog_dir. The default is /etc/ppc64-diag/message_catalog.

-d
Print debugging output on stderr.

-e end_time
Ignore messages with timestamps after end_time. See "Timestamps."

-F
Do not terminate upon reaching the end of the message file. Continue watching for, and processing, new messages as they arrive, as with "tail -F". To terminate syslog_to_svclog, send it a termination signal, as with CTRL-C.

-h
Print help text and exit.

-m message_file
Read syslog messages from the specified file instead of stdin.

-M
Read syslog messages from system default location /var/log/messages or /var/log/syslog. -M implies -F.

TIMESTAMPS

The following timestamp formats are recognized by syslog_to_svclog:
month day [ year ] [hh:mm[:ss]] — e.g., Feb 12 2010 14:30
month day hh:mm[:ss] [ year ]
day month [ year ] [hh:mm[:ss]] — e.g., 12 Feb 14:30
day month hh:mm[:ss] [ year ]
year-month-day [hh:mm[:ss]] — e.g., 2010-2-12 14:30:00

If no year is specified, syslog_to_svclog assumes that the timestamp is from the prior 12 months. If no hh:mm is specified, syslog_to_svclog assumes 00:00:00.
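
The year and time defaults above decide which archived messages a -b/-e window actually covers, so the following added example (not code from ppc64-diag) works them through in Python for two of the listed formats. The function name parse_bound, the explicit now argument, and treating a timestamp equal to now as inside the prior 12 months are assumptions made for the illustration.

```python
import re
from datetime import datetime

MONTHS = {m: i for i, m in enumerate(
    "jan feb mar apr may jun jul aug sep oct nov dec".split(), 1)}

# Optional " hh:mm[:ss]" suffix shared by both patterns.
_TIME = r"(?:\s+(\d{1,2}):(\d{2})(?::(\d{2}))?)?$"
# "month day [ year ] [hh:mm[:ss]]"
_MDY = re.compile(r"^([A-Za-z]{3})[A-Za-z]*\s+(\d{1,2})(?:\s+(\d{4}))?" + _TIME)
# "year-month-day [hh:mm[:ss]]"
_ISO = re.compile(r"^(\d{4})-(\d{1,2})-(\d{1,2})" + _TIME)


def parse_bound(text, now):
    """Resolve a -b/-e style timestamp to a datetime, relative to `now`."""
    text = text.strip()
    m = _ISO.match(text)
    if m:
        year, month, day = int(m[1]), int(m[2]), int(m[3])
    else:
        m = _MDY.match(text)
        if not m or m[1].lower() not in MONTHS:
            raise ValueError(f"unrecognized timestamp: {text!r}")
        month, day = MONTHS[m[1].lower()], int(m[2])
        year = int(m[3]) if m[3] else None
    # Missing hh:mm[:ss] fields default to 00:00:00.
    hh, mm, ss = (int(g) if g else 0 for g in m.groups()[-3:])
    if year is not None:
        return datetime(year, month, day, hh, mm, ss)
    # No year given: pick the most recent occurrence that is not after `now`,
    # which always falls inside the prior 12 months.
    for candidate_year in (now.year, now.year - 1):
        try:
            ts = datetime(candidate_year, month, day, hh, mm, ss)
        except ValueError:
            continue  # e.g. Feb 29 in a non-leap year
        if ts <= now:
            return ts
    raise ValueError(f"no such date in the prior 12 months: {text!r}")


if __name__ == "__main__":
    now = datetime(2010, 3, 1, 12, 0, 0)  # constructed reference time
    for s in ("Feb 12 14:30", "Dec 25", "Feb 12 2010 14:30", "2010-2-12 14:30:00"):
        print(f"{s!r:24} -> {parse_bound(s, now)}")
```

A year-less bound such as "Dec 25" evaluated in March resolves to the previous December, so replaying logs older than 12 months needs an explicit year in the bound.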

AUTHOR

Written by Jim Keniston (jkenisto@us.ibm.com). Conversion of format strings to regular expressions (for matching syslog messages to catalog entries) written by Jesse Larrew (jlarrew@us.ibm.com).

FILES

/etc/ppc64-diag/message_catalog/* — message catalog
/var/log/ppc64-diag/last_syslog_event — last message matched from /var/log/messages

SEE ALSO

explain_syslog(8), servicelog(8), syslog(3)

March 2010 Linux