Top Forums UNIX for Dummies Questions & Answers Syslog Message Columns Post 302465247 by wthomas on Friday 22nd of October 2010 02:58:37 AM
Syslog Message Columns

Hi all,

I need your help with syslog columns.
Currently I have a script as follows: (extract)
Code:
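# For each message type listed in syslog_message_list.txt, count the matching
# lines in today's log by host (field 4) and message text (field 9 onwards).
for messages in `cat syslog_message_list.txt`; \
do \
grep "$messages" syslog.`date +%d%m%y`.log | \
tr -s " " | \
cut -d" " -f4,9- | \
sort -k3.2,3 -k2,2 -k1nr,1 | \
uniq -c | \
sort -k3.2,3 -k2,2 -k1nr,1 >> syslog.`date +%d%m%y`.report; \
done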

A typical syslog message would be as follows:

Oct 22 07:35:14 hajsw202-0202.nls.jlrint.com 21453: Oct 22 06:35:14: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/19, changed state to down

The above cut command is cutting fields 4 and 9 onwards, which would be the long hostname and the error type and its message content.
However, as I've recently added a few more message types for the script to extract;
i.e.
Oct 21 15:00:49 covlsw01.nls.jlrint.com 2010 Oct 21 14:00:49 GMT +00:00 %SECURITY-1-PORTSHUTDOWN:Port 7/28 shutdown due to security violation

This new message has different field arrangements, where field 9 begins "GMT" rather than %SECURITY-1-PORTSHUTDOWN.

How can I update the script to say: if the message type is %SECURITY-1-PORTSHUTDOWN, do cut field 11 onwards instead of field 9 as at present?

Regards, Wynford



---------- Post updated at 07:58 AM ---------- Previous update was at 07:50 AM ----------




Hi all,

I've just thought that it may be better if I simply get the script to extract from the "%" character, as all of the messages begin with the "%" character when displaying the message type. So if I just cut from the "%" character then this should do it.
The question is, how do I cut or extract just field 4 and the "%" character onwards?

Regards, Wynford

Last edited by vbe; 10-22-2010 at 05:59 AM.. Reason: code tags please
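
Added example, not part of the original post or thread: one way to do what the second update asks, printing field 4 and everything from the message code onwards, so the column position of the code no longer matters. The names `summarize_syslog` and `demo`, the temporary file names, and the assumed code shape `%FACILITY-SEVERITY-MNEMONIC:` are assumptions of this example; the two log lines are the ones quoted in the post.

```shell
#!/bin/sh
# Added example (not the poster's script).

# summarize_syslog LOGFILE PATTERNFILE
# Prints "count host %CODE: text" per distinct message, most frequent first.
summarize_syslog() {
    # -F: patterns are fixed strings, -f: one pattern per line.
    # This replaces the for/grep loop over the message list.
    grep -F -f "$2" -- "$1" |
    awk '
        # Assumed code shape: %FACILITY-SEVERITY-MNEMONIC: with severity 0-7.
        # Anchoring on it instead of a column number copes with both
        # timestamp layouts; lines without such a code are dropped.
        match($0, /%[A-Z0-9_-]+-[0-7]-[A-Z0-9_]+:/) {
            # $4 is the hostname; default field splitting already
            # squeezes repeated blanks, so tr -s is not needed.
            print $4, substr($0, RSTART)
        }' |
    sort | uniq -c | sort -k1,1nr -k2,2
}

# Demo on the two log lines quoted in the post.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/syslog.log" <<'EOF'
Oct 22 07:35:14 hajsw202-0202.nls.jlrint.com 21453: Oct 22 06:35:14: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/19, changed state to down
Oct 21 15:00:49 covlsw01.nls.jlrint.com 2010 Oct 21 14:00:49 GMT +00:00 %SECURITY-1-PORTSHUTDOWN:Port 7/28 shutdown due to security violation
EOF
    printf '%s\n' '%LINEPROTO-5-UPDOWN' '%SECURITY-1-PORTSHUTDOWN' \
        > "$dir/list.txt"
    summarize_syslog "$dir/syslog.log" "$dir/list.txt"
    rm -rf "$dir"
}

demo
```

With the file names from the post, the call would be `summarize_syslog "syslog.$(date +%d%m%y).log" syslog_message_list.txt >> "syslog.$(date +%d%m%y).report"`.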
 
