How to view Syslog log files?

Notes, tips, and other usefull things on how to use LogMX

Moderator: admin

Post Reply
roey
Posts: 7
Joined: Wed Jul 08, 2015 7:01 pm

How to view Syslog log files?

Post by roey »

Hi,
I'm evaluting LogMX for a customer who wants to use Syslog RFC5424 and can't seem to find a way to read Syslog files in LogMX.

Here is what I do:
I'm using Log4J2 with SyslogAppender, which connects to Syslog-Watcher. This is the log4j config:

<Syslog name="RFC5424" format="RFC5424" host="localhost" port="1468" protocol="TCP"
appName="MyApp" includeMDC="true" id="App" mdcId="mdcId"
messageId="Audit" enterpriseNumber="9999"
facility="LOCAL0" newLine="true" >


From Syslog-Watcher I'm exporting the logs to a text file and opening the file with LogMX. These are two sample log lines from the exported file:

06/07/2015 08:38,Warning,127.0.0.1,- Audit [mdcId@9999 category=""AppenderTest"" priority=""WARN"" thread=""LogProducer""] Tag1: log from producer: LogProducer1
06/07/2015 08:38,Info,127.0.0.1,- Audit [mdcId@9999 category=""AppenderTest"" priority=""INFO"" thread=""LogProducer""] XTag2: log from producer: LogProducer2


When I open the exported log file from LogMX, it says "No suitable parser found for this file" and suggesting I create a parser for this one.

Any help, quick and dirtly or slow but clean, would be much appreciated!

Thanks!
--roy
admin
Site Admin
Posts: 555
Joined: Sun Dec 17, 2006 10:30 pm

Re: How to view Syslog log files?

Post by admin »

Hello,

You are right, this is in fact a known bug that is already fixed in LogMX v5.4.0 that will be released around July 17th.
More precisely, there is a bug in the current Syslog Parser for RFC 5424 (yet RFC 3164 is fine). You can read more here:
viewtopic.php?f=1&t=1692

I will let you know when version 5.4.0 is released by posting a message here, or if you need a fixed version of this Parser right now, please let me know, I will send you a fixed version of this Parser so that you can import it in LogMX, before v5.4.0 is released.

PS: the log example you posted here doesn't seem to be RFC5424 (nor RFC3164), it's maybe an internal format of Syslog-watcher... Anyway, even if your syslogs are formatted like this, LogMX can parse it too, since you can create your own LogMX Parsers :wink:

Xavier
roey
Posts: 7
Joined: Wed Jul 08, 2015 7:01 pm

Re: How to view Syslog log files?

Post by roey »

Hi Xavier,
Sure! If you could send the fixed RFC 5424 parser to me now privately, that would be much appreciated!

thanks!
--roy
admin
Site Admin
Posts: 555
Joined: Sun Dec 17, 2006 10:30 pm

Re: How to view Syslog log files?

Post by admin »

I've just sent it by private message :wink:
roey
Posts: 7
Joined: Wed Jul 08, 2015 7:01 pm

Re: How to view Syslog log files?

Post by roey »

great thanks!
admin
Site Admin
Posts: 555
Joined: Sun Dec 17, 2006 10:30 pm

Re: How to view Syslog log files?

Post by admin »

Hello,

LogMX v5.4.0 is now released and includes (among many other great things), a fixed version of this Syslog Parser :)

Please let me know if you have any other trouble or question

Xavier
Post Reply