Service manual

Appendix G Generating Alarm and Syslog 160

Cyclades-TS Installation & Service Manual

- this is one of the most important destination drivers in syslog-ng. It allows you to output log messages to

the named file.

- the destination filename may include macros (by prefixing the macro name with a ‘$’ sign) which gets

expanded when the message is written.

- since the state of each created file must be tracked by syslog-ng, it consumes some memory for each

file. If no new messages are written to a file within 60 seconds (controlled by the time_reap global option),

it’s closed, and its state is freed.

- available macros in filename expansion:

• HOST - the name of the source host where the message is originated from.

• FACILITY - the name of the facility, the message is tagged as coming from.

• PRIORITY or LEVEL - the priority of the message

• PROGRAM - the name of the program the message was sent by.

• YEAR, MONTH, DAY, HOUR, MIN, SEC - the year, month, day, hour, min, sec of the message

was sent.

• TAG - it equal FACILITY/LEVEL

• FULLHOST - the name of the source host and the source-driver: <source-driver>@<hostname>

• MSG or MESSAGE - the message received.

• FULLDATE - the date of the message was sent.

- available options:

• log_fifo_size(number) - the number of entries in the output file.

• sync_freq(number) - the file is synced when this number of messages has been written to it.

• encrypt(yes/no) - encrypt the resulting file.

• compress(yes/no) - compress the resulting file using zlib.

• owner(name), group(name), perm(mask) - equal global options

• template(“string”) - syslog-ng write the “string” in the file.

b) pipe(filename [options])

- this driver sends messages to a named pipe.

- available options:

• owner(name), group(name), perm(mask) - equal global options