HPE Community
Operating System - Linux
1822142 Members
3963 Online
109640 Solutions
New Discussion юеВ

How to put Syslog message with priority

 
Mega-Mac
New Member

тАО10-26-2007 05:13 AM

тАО10-26-2007 05:13 AM

How to put Syslog message with priority

I'd like to put syslog message with the priority info to /var/log/messages .
ex) crit alert emerg
Because log-watching program (JP1) looking for word "crit alert emerg" .which is messages to impact to system .
redhat syslog don't leave any priority info there by default.

How could I do that?
0 Kudos
Reply
11 REPLIES 11
Ivan Ferreira
Honored Contributor

тАО10-26-2007 05:57 AM

тАО10-26-2007 05:57 AM

Re: How to put Syslog message with priority

Proably, with syslog you can't.

Check syslog-ng!
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
0 Kudos
Reply
Stuart Browne
Honored Contributor

тАО10-26-2007 12:01 PM

тАО10-26-2007 12:01 PM

Re: How to put Syslog message with priority

Or just seperate the different levels into different log files.
One long-haired git at your service...
0 Kudos
Reply
Mega-Mac
New Member

тАО10-26-2007 11:12 PM

тАО10-26-2007 11:12 PM

Re: How to put Syslog message with priority

Ivan ,Stuart
Thanks to reply me.
I'd taken account of "syslog-ng",it is sure way to do this,
and To seperate log files are easiest way to go.
But I have to setup 100 redhat servers,so I was so sad.
0 Kudos
Reply
Vitaly Karasik_1
Honored Contributor

тАО10-27-2007 08:45 PM

тАО10-27-2007 08:45 PM

Re: How to put Syslog message with priority

>I'd like to put syslog message with the priority info to /var/log/messages .

I afraid, I don't understand you.
Do you mean "add some log entry with specific priority"? - it's trivial with "logger"(1).
0 Kudos
Reply
Mega-Mac
New Member

тАО10-27-2007 11:00 PM

тАО10-27-2007 11:00 PM

Re: How to put Syslog message with priority

Hi,Vitaly
Thanks to reply me.
My English skill is not enough,that is my apology.
I mean,
for exam,following /var/log/messages have a error,but I can't decide these message are crical to system or not.
Oct 22 09:14:12 CMRECV05 kernel: hda: irq timeout: error=0x00
CMRECV05 kernel: shpchp: acpi_shpchprm:get_device PCI ROOT HID fail=0x1001

After all,these above messages are harmless,(HP support guy said).
If /var/log/messages had included the priority infomation (crit,alert,emerg),easier to find out importnat messages and watch them from log-watching program (JP1 or Openview).
Could it be a good explanation for you?
0 Kudos
Reply
Vitaly Karasik_1
Honored Contributor

тАО10-27-2007 11:18 PM

тАО10-27-2007 11:18 PM

Re: How to put Syslog message with priority

Thank you for your explanation!
To say the truth, till now I was sure that syslogd saves priority info into syslog!!!
It's really strange that standart syslogd doesn't know to do this...
0 Kudos
Reply
Stuart Browne
Honored Contributor

тАО10-28-2007 07:50 AM

тАО10-28-2007 07:50 AM

Re: How to put Syslog message with priority

100 servers, and you aren't using centralized logging? How strange.

I'd also assume you're using the same syslogd on all servers, so it should be one changed pushed to 100 servers, no big deal.

Even if it's not, 2-3 lines of script executed on each machine should do it.
One long-haired git at your service...
0 Kudos
Reply
Heironimus
Honored Contributor

тАО10-29-2007 03:22 AM

тАО10-29-2007 03:22 AM

Re: How to put Syslog message with priority

If you really want to use that approach the way you would do it with a standard syslog is to send a copy of all messages with the relevant priorities to a new log and point your log monitor at that file instead of at /var/log/messages.

However, the syslog or kernel priority doesn't necessarily reflect the priority of the message to you. A log scraper is not a suitable replacement for qualified personnel.
0 Kudos
Reply
Mega-Mac
New Member

тАО10-29-2007 05:12 AM

тАО10-29-2007 05:12 AM

Re: How to put Syslog message with priority

To Stuart
>you aren't using centralized logging?
You absolutely right!
My customer doesn't care about centralizing syslod,because maybe log-watch program(JP1,OpenView) patrol them I think.

To Heironimus
Thanks to reply me.
I have a small English problem ,but well....
How do you watch logs,pick up important logs and what are filter words.
Best regards,
0 Kudos
Reply
Heironimus
Honored Contributor

тАО10-29-2007 09:07 AM

тАО10-29-2007 09:07 AM

Re: How to put Syslog message with priority

A UNIX system puts a lot of information in to its logs. I've only seen places scan log files when they could find no other way to do alerting. Many faults can be identified more reliably through other means. The only time it really works to watch log files is when you know exactly what to expect.

I guess the real question is what kind of alerts you're looking for. Hardware is often best monitored with agents supplied by the vendor. The HP health agents can report some errors that usually won't make it in to the system logs, like a failed drive in an array or correctable memory errors.
0 Kudos
Reply
Mega-Mac
New Member

тАО10-30-2007 01:53 AM

тАО10-30-2007 01:53 AM

Re: How to put Syslog message with priority

I seem to have reached the answer.
I'll withdraw to filter syslogs by word.
It's enough to watch the hardware,disk free space,process by agent like(JP1,OPV) ,and use syslog message for analyzing.
Thanks everyone
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.