[KLUG Members] syslogd

[Bert Obbink]

Bruce Smith wrote:

>>I need to add a time stamp (or at least a year field) to the messages 
>>stored in /var/log/messages. I can't find any parameters on syslog that 
>>makes such possible. Does somebody know if there is a way to change the 
>>date stored?
>>
>
>The command "logger" can write entries to the syslog file from a 
>shell script.  You could log the year and use cron to schedule it
>automatically once a year.  (or however often you like :)
>
That isn't precise enough to solve my problem. I need(ed) a time stamp 
when feeding the /var/log/messages file to a perl script.


Basically, we have a cisco router that is being used for customar 
support, both ways, and for home workers. The router is sending his 
statistics to the syslog daemon on my gatewaye to that router. The above 
mentioned script keeps track of what the router is doing and writes data 
about connections to a mySql database. That database holds information 
about who called who and how long connections langed. Sumerizing 
connection times. Because of that I don't want data from syslog that has 
been seen already. The router does send along a sequence number, 
unfortunally that is being set back to 0 when the router resets.

Probally the best way to solve the problem is to alter the syslog daemon 
to add a timestamp. But this has some drawbacks on maintanance. I did 
solve this now by writing a second script that reads the 
/var/log/messages file for router originated messages and moves thoose 
to another file adding a timestamp on the way. This second script starts 
before syslog starts and ends after syslog ends. (changed 
/etc/rc.d/syslog). The original script now uses
the timestamp as a sequence number, I believe this solves the problem as 
the database holds the last seen sequence number.

Bert.