分类: LINUX
2008-03-03 22:11:56
Certain parts of syslog-ng (e.g., destination filenames and message content templates) can refer to one or more macros, which get expanded as a message is processed. The table below summarizes the macros available in syslog-ng.
# 注释 :syslog-ng 的某些部分(例如目标文件名和消息内容模版)允许使用1个或者多个宏。从而实现动态的文件名,或者重建消息。
Macros can be included by prefixing the macro name with a $ sign, just like in Bourne compatible shells.
Regarding braces around macro names, the following two formats are equivalent
"$MSG" and "${MSG}".
# 注释 :要引用宏,可以用 $
The macros related to the date of the message (e.g.: ISODATE, HOUR, etc.) have two further versions each:
one with the S_ and one with the R_ prefix (e.g.: S_DATE and R_DATE ). The S_DATE macro represents the date found in the
log message, i.e. when the message was sent by the original application. R_DATE is the date when syslog has received
the message. DATE equals either S_DATE or R_DATE, depending on the global option set in
the now deprecated use_time_recvd()
parameter (see ).
# 注释 :和消息的时间相关的宏有两种版本,一种是以 S_ 开头的,一种是以 R_ 开头的 。例如 S_DATE 和 R_DATE 。
# S_ 开头的表示在该消息被发出的时间,也就是源程序发出该消息的时间。而 R_ 开头表示的时间是 syslog-ng 收到该消息的时间。
| Name | Description |
|---|---|
| FACILITY |
The name of the facility from where the message originates.
# 注释 :$FACILITY 宏表示消息的原始 facility
|
| PRIORITY or LEVEL |
The priority of the message.
# 注释 :$LEVEL 表示消息的 severity |
| TAG |
The priority and facility encoded as a 2 digit hexadecimal number.
# 注释 :$TAG 表示2位16进制格式的 facility.priority
编码 |
| PRI |
The priority and facility encoded as a 2 or 3 digit decimal number as it is
present in syslog messages.
# 注释 :$PRI 表示2-3位的十进制格式的 facility.priority
|
| DATE, R_DATE, S_DATE |
Date of the message using the BSD-syslog style timestamp format
(month/day/hour/minute/second, each expressed in two digits). This is the
original syslog time stamp without year information, e.g.:
Jun 13 15:58:00. # 注释 :$DATE , $S_DATE , $R_DATE 表示消息的发送/接收时间,采用的是 BSD
格式的时间戳。(月/日/小时/分/秒)。注意,该格式是不带年份的。 |
| FULLDATE, R_FULLDATE, S_FULLDATE |
A nonstandard format for the date of the message using the same format as
DATE, but including the year as well,
e.g.: 2006 Jun 13 15:58:00.# 注释 :$FULLDATE , R_FULLDATE , S_FULLDATE
表示非标准格式的时间,格式是 |
| ISODATE, R_ISODATE, S_ISODATE |
Date of the message in the ISO 8601 compatible standard timestamp format
(yyyy-mm-ddThh:mm:ss+-ZONE), e.g.:
2006-06-13T15:58:00.123+01:00. If possible, it
is recommended to use ISODATE for
timestamping. Note that syslog-ng can produce fractions of a second (e.g.,
milliseconds) in the timestamp by using the frac_digits() global or per-destination
option.# 注释 :ISODATE , R_ISODATE , S_ISODATE 表示 ISO 8601
格式的时间。格式是 yyy-mm-ddHH:MM:SS [+-]
# 建议使用该时间格式。
# 注意,syslog-ng 可以精确到毫秒,具体的精度由 frac_digits
()定义,可以在全局选项或者在 destination 中定义 |
| STAMP, R_STAMP, S_STAMP |
A timestamp formatted according to the global
or per-destination option.
# 注释 :$STAMP ,R_STAMP、S_STAMP 表示根据
ts_format()选项得出的时间戳格式 |
| YEAR, R_YEAR, S_YEAR |
The year the message was sent.
# 注释 :$YEAR , $R_YEAR , $S_YEAR
表示该消息被发送/接受的年份 |
| MONTH, R_MONTH, S_MONTH |
The month the message was sent.
# 注释 :MONTH , R_MONTH ,S_MONTH
表示该消息被发送/接收的月份 |
| DAY, R_DAY, S_DAY |
The day the message was sent.
# 注释 :DAY , R_DAY、S_DAY
表示该消息被发送/接受是第几天 |
| WEEKDAY, R_WEEKDAY, S_WEEKDAY |
The 3-letter name of the day of week the message was sent, e.g.
Thu. # 注释 :WEEKDAY , R_WEEKDAY , S_WEEKDAY
表示该消息被发送/接收是星期几 |
| WEEK, R_WEEK, S_WEEK |
The week number of the year. (The first Monday in the year marks the first
week.)
# 注释 :WEEK , R_WEEK ,S_WEEK |
| HOUR, R_HOUR, S_HOUR |
The hour of day the message was sent.
|
| MIN, R_MIN, S_MIN |
The minute the message was sent.
|
| SEC, R_SEC, S_SEC |
The second the message was sent.
|
| UNIXTIME, R_UNIXTIME, S_UNIXTIME |
Standard unix timestamp, represented as the number of seconds since
1970-01-01T00:00:00. |
| TZOFFSET, R_TZOFFSET, S_TZOFFSET | The time-zone as hour offset from
GMT; e.g.: -07:00. In syslog-ng 1.6.x this
used to be -0700 but as ISODATE requires the colon it was added to TZOFFSET as well. |
| TZ, R_TZ, S_TZ | Equivalent to TZOFFSET, used to mean the time zone name abbreviation in syslog-ng 1.6.x. |
| HOST | The name of the source host where
the message originates from. If the message traverses several hosts and the chain_hostnames() option is on (see ), the first
host in the chain is used. |
| FULLHOST | The full FQDN of the host name chain (without trimming chained hosts), including the domain name. |
| HOST_FROM |
Name of the host that sent the message to syslog-ng, as resolved by
syslog-ng using DNS. If the message traverses several hosts, this is the last
host in the chain.
# 注释 :如果消息经过多个主机, HOST_FROM
表示最后一个主机 |
| FULLHOST_FROM |
FQDN of the host that sent the message to syslog-ng as resolved by
syslog-ng using DNS. If the message traverses several hosts, this is the last
host in the chain.
|
| SOURCEIP | IP address of the host that sent
the message to syslog-ng. (I.e. the IP address of the host in the FULLHOST_FROM macro.) Please note that when a
message traverses several relays, this macro contains the IP of the last relay.
|
| PROGRAM | The name of the program sending the message. |
| PID | The PID of the program sending the message. |
| MSG or MESSAGE |
Message contents including the program name and pid.
# 注释 :MSG 表示消息,还有程序名、pid |
| MSGONLY |
Message contents without the program name or pid.
# 注释 :MSGONLY 表示除了程序名、pid
之外的消息 |
Table 8.15. Macros available in filename expansion
