Hi,
I'm evaluating LogMX for a customer who wants to use Syslog RFC5424 and can't seem to find a way to read Syslog files in LogMX.
Here is what I do:
I'm using Log4J2 with SyslogAppender, which connects to Syslog-Watcher. This is the log4j config:
<Syslog name="RFC5424" format="RFC5424" host="localhost" port="1468" protocol="TCP"
appName="MyApp" includeMDC="true" id="App" mdcId="mdcId"
messageId="Audit" enterpriseNumber="9999"
facility="LOCAL0" newLine="true" >
From Syslog-Watcher I'm exporting the logs to a text file and opening the file with LogMX. These are two sample log lines from the exported file:
06/07/2015 08:38,Warning,127.0.0.1,- Audit [mdcId@9999 category=""AppenderTest"" priority=""WARN"" thread=""LogProducer""] Tag1: log from producer: LogProducer1
06/07/2015 08:38,Info,127.0.0.1,- Audit [mdcId@9999 category=""AppenderTest"" priority=""INFO"" thread=""LogProducer""] XTag2: log from producer: LogProducer2
When I open the exported log file from LogMX, it says "No suitable parser found for this file" and suggests I create a parser for this one.
Any help, quick and dirty or slow but clean, would be much appreciated!
Thanks!
--roy
How to view Syslog log files?
Re: How to view Syslog log files?
Hello,
You are right, this is in fact a known bug that is already fixed in LogMX v5.4.0 that will be released around July 17th.
More precisely, there is a bug in the current Syslog Parser for RFC 5424 (yet RFC 3164 is fine). You can read more here:
viewtopic.php?f=1&t=1692
I will let you know when version 5.4.0 is released by posting a message here, or if you need a fixed version of this Parser right now, please let me know, I will send you a fixed version of this Parser so that you can import it in LogMX, before v5.4.0 is released.
PS: the log example you posted here doesn't seem to be RFC5424 (nor RFC3164), it's maybe an internal format of Syslog-watcher... Anyway, even if your syslogs are formatted like this, LogMX can parse it too, since you can create your own LogMX Parsers
Xavier
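The exported lines in the first post can be split into fields outside LogMX as well. The following Python sketch is an added example, not LogMX's parser and not code from either poster. It assumes the export layout is timestamp, severity, source and message separated by commas, that `""` is a CSV-escaped double quote, and that the message carries at most one RFC 5424 structured-data element; the function and field names are hypothetical.

```python
import re

# Constructed sample input: the two exported lines quoted in the first post.
SAMPLE = [
    '06/07/2015 08:38,Warning,127.0.0.1,- Audit [mdcId@9999 category=""AppenderTest"" '
    'priority=""WARN"" thread=""LogProducer""] Tag1: log from producer: LogProducer1',
    '06/07/2015 08:38,Info,127.0.0.1,- Audit [mdcId@9999 category=""AppenderTest"" '
    'priority=""INFO"" thread=""LogProducer""] XTag2: log from producer: LogProducer2',
]

NAME = r'[^ =\]"]+'
VALUE = r'(?:\\.|[^"\\\]])*'  # RFC 5424 escapes ", \ and ] with a backslash
# PROCID, MSGID, then one SD-ELEMENT (or "-"), then the free-text message.
BODY = re.compile(
    r'^(?P<procid>\S+) (?P<msgid>\S+) '
    r'(?:-|\[(?P<sd_id>' + NAME + r')(?P<params>(?: ' + NAME + r'="' + VALUE + r'")*)\])'
    r'(?: (?P<msg>.*))?$'
)
PARAM = re.compile(r' (' + NAME + r')="(' + VALUE + r')"')
UNESCAPE = re.compile(r'\\(["\\\]])')


def parse_export_line(line):
    """Parse one exported line into a dict, or None if it lacks the 4 CSV fields."""
    parts = line.rstrip("\r\n").split(",", 3)  # the message itself may contain commas
    if len(parts) != 4:
        return None
    timestamp, severity, source, body = parts
    body = body.replace('""', '"')  # assumption: "" is a CSV-escaped double quote
    rec = {"timestamp": timestamp,  # kept as text: day/month order is ambiguous
           "severity": severity, "source": source,
           "procid": None, "msgid": None, "sd_id": None, "sd": {}, "message": body}
    m = BODY.match(body)
    if m is None:
        return rec  # keep unparsed bodies instead of dropping the event
    rec.update(procid=m["procid"], msgid=m["msgid"], sd_id=m["sd_id"],
               message=m["msg"] or "")
    for name, value in PARAM.findall(m["params"] or ""):
        rec["sd"][name] = UNESCAPE.sub(r"\1", value)
    return rec


if __name__ == "__main__":
    for line in SAMPLE:
        print(parse_export_line(line))
```

Lines whose message part does not match the expected layout are returned with the whole message kept as text, so no event is silently lost.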
Re: How to view Syslog log files?
Hi Xavier,
Sure! If you could send the fixed RFC 5424 parser to me now privately, that would be much appreciated!
thanks!
--roy
Re: How to view Syslog log files?
I've just sent it by private message
Re: How to view Syslog log files?
Hello,
LogMX v5.4.0 is now released and includes (among many other great things), a fixed version of this Syslog Parser
Please let me know if you have any other trouble or question
Xavier