Menu
Using this rsyslog config:
$template MYFORMAT,"%msg%\n"
if $programname == 'mylog' then {
action(type="omfile" file="/var/log/mylog.log" template="MYFORMAT")
& stop
}
and this PHP script:
<?php
openlog('mylog', LOG_ODELAY, LOG_LOCAL0);
syslog(LOG_INFO, date('Y-m-d: ') . 'stuff has happened!');
closelog();
My output always ends up having an empty space before the logged message (in the custom log file).
2015-06-10: stuff has happened! (there's a space at the beginning of this line)
324
To selectively disable syncing for certain files, you may prefix the file path with a minus sign ("-"). In other words, the '-' retains do-not-sync in case you change the default behavior (Advice: Don't). This particular question is specific to rsyslog config files.
The rsyslog service keeps various log files in the /var/log directory. You can open these files using native commands such as tail , head , more , less , cat , and so forth, depending on what you are looking for.
Provides the ability to convert any standard text file into a syslog message. A standard text file is a file consisting of printable characters with lines being delimited by LF. The file is read line-by-line and any line read is passed to rsyslog's rule engine.
Use tcpdump to verify data is being sent to Loggly. If you send your events in cleartext while tcpdump is running, you should be able to see them in the left hand column. If your application logs syslog to rsyslog, you can also test to see if messages making it to rsyslog over UDP to localhost.
Modify that
$template MYFORMAT,"%msg%\n"
for
$template MYFORMAT,"%msg:2:2048%\n"
Per RFC 3164, anything after the colon in the syslog tag gets counted as part of the %msg% field, including any space character. This is alluded to in various rsyslog documentation/blog posts, for example https://www.rsyslog.com/log-normalization-and-the-leading-space/ or the sp-if-no-sp documentation here https://rsyslog.readthedocs.io/en/latest/configuration/property_replacer.html
Since it's part of the %msg% field, there are two ways to log lines without a leading space:
Hard code a prefix as part of every log line, for example:
$template MYFORMAT,"[app]: %msg%\n"
Strip the leading space character. You can use a $ sign to say "include everything until the end of the line." The msg characters are 1-indexed, so start with field 2.
$template MYFORMAT,"%msg:2:$%\n"
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
