SYSLOG_TO_SVCLOG(8) | Diagnostic Tools | SYSLOG_TO_SVCLOG(8) |
syslog_to_svclog - log syslog messages to servicelog
syslog_to_svclog [ -b begin_time ] [ -e end_time | -F ] [ -m message_file | -M ] [ -C catalog_dir ] [ -h ] [ -d ]
The syslog_to_svclog command reads the specified message file (defaults to stdin), which should be in the format produced by the syslogd daemon. For each line that matches a message documented in the message catalog, syslog_to_svclog logs an event to the servicelog database, as appropriate. Typically, syslog_to_svclog logs only warning and error messages to servicelog, not debug or informational messages.
When /var/log/messages or /var/log/syslog is the message file, syslog_to_svclog maintains a small "last-message" file that contains a copy of the last line read from /var/log/messages or /var/log/syslog that matched a message from the message catalog. When a subsequent instance of syslog_to_svclog begins reading from /var/log/messages or /var/log/syslog, and no -b option is specified, syslog_to_svclog begins with the next message after the one in the "last-message" file. The intent is to avoid logging the same event to servicelog multiple times.
The following timestamp formats are recognized by syslog_to_svclog:
month day [ year ] [hh:mm[:ss]] — e.g., Feb 12 2010 14:30
month day hh:mm[:ss] [ year ]
day month [ year ] [hh:mm[:ss]] — e.g., 12 Feb 14:30
day month hh:mm[:ss] [ year ]
year-month-day [hh:mm[:ss]] — e.g., 2010-2-12 14:30:00
If no year is specified, syslog_to_svclog assumes that the timestamp is from the prior 12 months. If no hh:mm is specified, syslog_to_svclog assumes 00:00:00.
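The following Python sketch is an added example, not code from syslog_to_svclog. It parses the formats listed above and applies the missing-year and missing-time defaults, which is useful for checking how a year-less timestamp will be dated when reviewing old logs. It assumes that month names are matched on their first three letters and that "from the prior 12 months" means the most recent occurrence that is not later than the current time; `parse_timestamp` and its `now` parameter are hypothetical names.

```python
import re
from datetime import datetime

MONTHS = {m: i for i, m in enumerate(
    "jan feb mar apr may jun jul aug sep oct nov dec".split(), 1)}

T = r"(?P<h>\d{1,2}):(?P<mi>\d{2})(?::(?P<s>\d{2}))?"   # hh:mm[:ss]
Y = r"(?P<y>\d{4})"
MD = r"(?P<mon>[A-Za-z]{3,})\s+(?P<d>\d{1,2})"          # month day
DM = r"(?P<d>\d{1,2})\s+(?P<mon>[A-Za-z]{3,})"          # day month

# One pattern per format in the list above, in the same order.
PATTERNS = [re.compile(p) for p in (
    rf"{MD}(?:\s+{Y})?(?:\s+{T})?",
    rf"{MD}\s+{T}(?:\s+{Y})?",
    rf"{DM}(?:\s+{Y})?(?:\s+{T})?",
    rf"{DM}\s+{T}(?:\s+{Y})?",
    rf"(?P<y>\d{{4}})-(?P<mon>\d{{1,2}})-(?P<d>\d{{1,2}})(?:\s+{T})?",
)]

def parse_timestamp(text, now):
    """Return a datetime for text, or None if it matches no listed format."""
    for pat in PATTERNS:
        m = pat.fullmatch(text.strip())
        if not m:
            continue
        g = m.groupdict()
        # Assumption: month names are matched on their first three letters.
        mon = g["mon"]
        month = int(mon) if mon.isdigit() else MONTHS.get(mon[:3].lower())
        if month is None:
            return None
        hms = (int(g["h"] or 0), int(g["mi"] or 0), int(g["s"] or 0))
        # No year given: try this year, then last year, and keep the first
        # candidate that is a real date and not in the future.
        years = [int(g["y"])] if g["y"] else [now.year, now.year - 1]
        for year in years:
            try:
                ts = datetime(year, month, int(g["d"]), *hms)
            except ValueError:      # e.g. Feb 30, or hour 25
                continue
            if g["y"] or ts <= now:
                return ts
        return None
    return None

if __name__ == "__main__":
    now = datetime(2010, 3, 15, 12, 0)          # constructed reference time
    for s in ("Feb 12 2010 14:30", "12 Feb 14:30", "Dec 25 08:00"):
        print(s, "->", parse_timestamp(s, now))
```

With the constructed reference time of 15 March 2010, "Dec 25 08:00" resolves to December 2009 rather than December 2010.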
Written by Jim Keniston (jkenisto@us.ibm.com). Conversion of format strings to regular expressions (for matching syslog messages to catalog entries) written by Jesse Larrew (jlarrew@us.ibm.com).
/etc/ppc64-diag/message_catalog/* — message catalog
/var/log/ppc64-diag/last_syslog_event — last message matched from /var/log/messages
March 2010 | Linux |