[prev in list] [next in list] [prev in thread] [next in thread] 

List:       syslog-ng
Subject:    Re: [syslog-ng] [EXTERNAL] Re: Using custom parser with only a subset of	udp	traffic
From:       Fabien Wernli <wernli () in2p3 ! fr>
Date:       2021-05-27 6:35:37
Message-ID: 20210527063537.GD1601 () ccfawe ! in2p3 ! fr
[Download RAW message or body]

Hi Mark,

On Fri, May 21, 2021 at 02:22:09PM +0000, Faine, Mark R. (MSFC-IS40)[NICS] wrote:
> Thanks, a couple of questions.  Do you have any blog posts that demonstrate best \
> practices when using junctions and channels?  I think I mostly understand it but \
> sometimes things happen that I don't anticipate and I'm trying to figure out what \
> I'm not understanding.

I think most people (including the developers) think that junctions and
channels are hard to grasp concepts, and therefore now use if then else
constructs instead.

> Is it possible to give a name to every filter, rewrite, parser, etc.?  As I'm \
> looking through traces they are hard to identify when they are anon-filter and \
> such, I have to go look at the line number or figure it out from the context of the \
> log message.  I tried this but the --syntax-only check was not having it, perhaps I \
> was doing it wrong.  I would also like to be able to write to a file only the log \
> categorization output without the actual log messages, is that possible?  It would \
> help me in figuring out why things are not going where they should.

You can use named filters instead of anonymous ones everywhere, even in
junctions and channels.

As for your last question, I think your only option is to run syslog-ng in
the foreground in debug mode, where it will tell you exactly what it's
doing. Now that I think of it, IIRC there's also a way to get more detailed
stats
(https://www.syslog-ng.com/technical-documents/doc/syslog-ng-open-source-edition/3.26/administration-guide/option-stats-level-description)


Hoping that helps

______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq


[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic