Filtering keywords from syslog.

Hi,

My syslog in AIX forwards all user facility to a specific log /logs/user.log

I need to further segregate the user.log to logs specific to various applications and I was wondering if I can make some configuration change to syslog.conf to forward messages based on a certain keyword?

For example:

INTBRK    /logs/INTBRK.log
SOAP      /logs/WebSvc.log
.Net      /logs/IIS.log

Currently the configuration in syslog.conf is as below:

user.info    /logs/user.log  rotate size 10m files 10 compress
user.err     /logs/user.log  rotate size 10m files 10 compress
user.error   /logs/user.log  rotate size 10m files 10 compress
user.warn    /logs/user.log  rotate size 10m files 10 compress

Hi,

First off: you don't need to specify each priority.

# <priority> is one of (from high to low):
#       emerg/panic,alert,crit,err(or),warn(ing),notice,info,debug
#       (meaning all messages of this priority or higher)

So user.info /logs/user.log rotate size 10m files 10 compress will do the trick.

It is (currently) not possible to use filter words in AIX syslog. You can use either syslog-ng or use the facility labels local0 to local7 - as far as it is possible to define the syslog facility in your application.

Regards

It can be very tricky to do it with the AIX-supplied syslogd. I would recommend keeping it simple and parsing the log file.
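
One way to do the log-file parsing suggested above, as an added example that is not part of the original thread: a POSIX shell function that splits a log into per-application files by keyword. The keywords and target file names come from the question; the function name, the unmatched.log file and the first-match-wins order are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): split a syslog file by keyword.
# Keyword -> file pairs are taken from the question; unmatched.log and
# the first-match-wins priority order are assumptions of this sketch.

# split_by_keyword SRC OUTDIR
#   Appends each line of SRC to the file of the first keyword it contains,
#   or to OUTDIR/unmatched.log if it contains none.
split_by_keyword() {
    src=$1
    outdir=$2
    awk -v dir="$outdir" '
    BEGIN {
        n = 0
        kw[++n] = "INTBRK"; out[n] = "INTBRK.log"
        kw[++n] = "SOAP";   out[n] = "WebSvc.log"
        kw[++n] = ".Net";   out[n] = "IIS.log"
    }
    {
        target = "unmatched.log"
        for (i = 1; i <= n; i++) {
            # index() is a literal substring test, so the dot in ".Net"
            # is not treated as a regex wildcard (it will not hit "VNet").
            if (index($0, kw[i]) > 0) { target = out[i]; break }
        }
        # ">>" appends, so repeated runs add to the existing files.
        print >> (dir "/" target)
    }' "$src"
}

# Run directly as: split.sh /logs/user.log /logs
if [ "$#" -eq 2 ]; then
    split_by_keyword "$1" "$2"
fi
```

Matching is on the message text, so a line that merely mentions another application's keyword is filed under that keyword; separating by facility (local0 to local7), as suggested above, avoids this.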