| 1 |
Albert Hopkins wrote: |
| 2 |
> On Sat, 2009-08-22 at 10:39 +0200, Jarry wrote: |
| 3 |
>> The problem is with portage logs: I can not find any pattern |
| 4 |
>> I could use to filter them out. |
| 5 |
|
| 6 |
> I'm not sure what you are trying to "filter out". Portage logs are |
| 7 |
> relatively machine-readable (e.g. qlop). |
| 8 |
|
| 9 |
syslog-ng in client mode does not open new connection for every |
| 10 |
source (be it /dev/log, /proc/kmsg/, /var/log/messages, etc.). |
| 11 |
Instead of that, it opens only one connection and "pumps" logs |
| 12 |
to server in one stream. It is a log-server's job to split it out. |
| 13 |
|
| 14 |
The first quite natural filter-rule is to split logs according |
| 15 |
to client-IP (or hostname). The second level is to split logs |
| 16 |
according to application. I do not want to have logs from kernel, |
| 17 |
sshd, apache, ntp, portage, ftp, dns, mixed together in one file. |
| 18 |
|
| 19 |
And that is a problem. I can easily identify logs from i.e. sshd: |
| 20 |
> 2009-08-22T10:54:30+00:00 obelix sshd[6984]: Accepted... |
| 21 |
Simply I use filter "sshd*" for the 3rd field (application name). |
| 22 |
|
| 23 |
Or in case of ntpd-logs I put filter for "ntpd*": |
| 24 |
> 2009-08-22T10:54:48+00:00 nitino ntpd[4421]: synchronized... |
| 25 |
|
| 26 |
But what do I have to do with this: |
| 27 |
> 1250867551: *** Finished. Cleaning up... |
| 28 |
or: |
| 29 |
> 1250867528: === Sync completed |
| 30 |
How can a log-server indentify it as portage-log so that it could |
| 31 |
save it into /var/log/$HOST/emerge.log? |
| 32 |
|
| 33 |
> If you don't mind getting your hands dirty, portage is written mostly in |
| 34 |
> python and bash so it shouldn't be that difficult to dig into the parts |
| 35 |
> that handle emerge.log and emerge-fetch.log and convert them to syslog. |
| 36 |
|
| 37 |
Well, I'm affraid this is beyond my skill. I've looked at those |
| 38 |
scripts, but they seem to me to be really complicated... |
| 39 |
|
| 40 |
Jarry |
| 41 |
|
| 42 |
-- |
| 43 |
_______________________________________________________________ |
| 44 |
This mailbox accepts e-mails only from selected mailing-lists! |
| 45 |
Everything else is considered to be spam and therefore deleted. |
Archives