Man pages sections > man8 > syslog_to_svclog

syslog_to_svclog - log syslog messages to servicelog

SYSLOG_TO_SVCLOG(8) Diagnostic Tools SYSLOG_TO_SVCLOG(8)

NAME

syslog_to_svclog - log syslog messages to servicelog

SYNOPSIS

syslog_to_svclog [ -b begin_time ] [ -e end_time | -F ]
 
[ -m message_file | -M ] [ -C catalog_dir ] [ -h ] [ -d ]

DESCRIPTION

The syslog_to_svclog command reads the specified message file (defaults to stdin), which should be in the format produced by the syslogd daemon. For each line that matches a message documented in the message catalog, syslog_to_svclog logs an event to the servicelog database, as appropriate. Typically, syslog_to_svclog logs only warning and error messages to servicelog, not debug or informational messages.
When /var/log/messages or /var/log/syslog is the message file, syslog_to_svclog maintains a little "last-message" file that contains a copy of the last line read from /var/log/messages or /var/log/syslog that matched a message from the message catalog. When a subsequent instance of syslog_to_svclog begins reading from /var/log/messages or /var/log/syslog, and no -b option is specified, syslog_to_svclog begins with the next message after the one in the "last message" file. The intent is to avoid logging the same event to servicelog multiple times.

OPTIONS

-b begin_time
Ignore messages with timestamps prior to begin_time. See "Timestamps."
-C catalog_dir
Use the message catalog in catalog_dir. The default is /etc/ppc64-diag/message_catalog.
-d
Print debugging output on stderr.
-e end_time
Ignore messages with timestamps after end_time. See "Timestamps."
-F
Do not terminate upon reaching the end of the message file. Continue watching for, and processing, new messages as they arrive, as with " tail -F". To terminate syslog_to_svclog, send it a termination signal, as with CTRL-C.
-h
Print help text and exit.
-m message_file
Read syslog messages from the specified file instead of stdin.
-M
Read syslog messages from system default location /var/log/messages or /var/log/syslog. -M implies -F.

TIMESTAMPS

The following timestamp formats are recognized by syslog_to_svclog:
 
month day [ year ] [ hh:mm[:ss]] — e.g., Feb 12 2010 14:30
 
month day hh:mm[:ss] [ year ]
 
day month [ year ] [ hh:mm[:ss]] — e.g., 12 Feb 14:30
 
day month hh:mm[:ss] [ year ]
 
year-month-day [ hh:mm[:ss]] — e.g., 2010-2-12 14:30:00
If no year is specified, syslog_to_svclog assumes that the timestamp is from the prior 12 months. If no hh:mm is specified, syslog_to_svclog assumes 00:00:00.

AUTHOR

Written by Jim Keniston (jkenisto@us.ibm.com). Conversion of format strings to regular expressions (for matching syslog messages to catalog entries) written by Jesse Larrew (jlarrew@us.ibm.com).

FILES

/etc/ppc64-diag/message_catalog/* — message catalog
 
/var/log/ppc64-diag/last_syslog_event — last message matched from /var/log/messages

SEE ALSO

explain_syslog(8), servicelog(8), syslog(3)
March 2010 Linux