Home / server / Questions / 306431
In Process
Rich
Asked: 2011-08-31 06:13:44 +0800 CST

SyslogNG message format

  • 772

I am reading through some syslog-ng documentation, and in the section about filter functions, it says that the program() filter matches...

...messages by using a regular expression against the program name field of log messages.

The documentation also includes similar definitions for other filter functions.

How is the program name field set in a log message? Is there some documentation somewhere which summarises this for the various fields? I couldn't find it in the documentation I have ("The syslog-ng Administrator Guide").

syslog-ng

2 Answers

  1. The program name field is set by the application sending the log message. If you want to override this for some reason, you can use the program_override() option in the syslog-ng source definition. I am not sure which syslog-ng versions support this option, it is surely available in 3.0 and later.

    HTH

    Robert

    • 2

  2. From man 3 syslog:

       (...)
   #include <syslog.h>

   void openlog(const char *ident, int option, int facility);
   void syslog(int priority, const char *format, ...);
   void closelog(void);

   openlog()  opens a connection to the system logger for a program.  
   The string pointed to by ident is prepended to every message, 
   and is typically set to the program name.

    Program name is set inside code of the program using the system logging facility.

    • 0