From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org)
	by finch.gentoo.org with esmtp (Exim 4.60)
	(envelope-from <gentoo-user+bounces-99226-garchives=archives.gentoo.org@lists.gentoo.org>)
	id 1MeojT-0003ec-6U
	for garchives@archives.gentoo.org; Sat, 22 Aug 2009 11:26:03 +0000
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id D4FECE02DF;
	Sat, 22 Aug 2009 11:26:00 +0000 (UTC)
Received: from mail-fx0-f211.google.com (mail-fx0-f211.google.com [209.85.220.211])
	by pigeon.gentoo.org (Postfix) with ESMTP id 946ABE02DF
	for <gentoo-user@lists.gentoo.org>; Sat, 22 Aug 2009 11:26:00 +0000 (UTC)
Received: by fxm7 with SMTP id 7so981785fxm.34
        for <gentoo-user@lists.gentoo.org>; Sat, 22 Aug 2009 04:26:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:received:received:message-id:date:from
         :user-agent:mime-version:to:subject:references:in-reply-to
         :content-type:content-transfer-encoding;
        bh=1P0s3Uzg2sVNNQIf+nlaPngm9AJGud3vUXOh9Gfnb8Y=;
        b=DmhGHYN36fpUZbZuqQ/YpGbi9UPAMC5z6gDVB/ag3Vg5DhoG8+xAxYS9oVMc0iwxH/
         drCxv8iCo1mPqEHhokrwpMqNiA1pQkkgZ8Eja0hi50gIsVDgGchTV8Vj8j+y+R5aDOOD
         Vd6PqZ2DMO9gSTInb9JNvEhRnReIoboZwxgAo=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=message-id:date:from:user-agent:mime-version:to:subject:references
         :in-reply-to:content-type:content-transfer-encoding;
        b=iP4YdEVORzF7BgeUp9ggcz8oOxnGhnom8Wt4xOCoKzqbRdY9zyzDALa/9/VCud2PTj
         /5dK9gOeJXusJvc8YSwoDNDUOVglCyxvSJPMY4z+DITjGAeyXO9hw04aS/l6uPnK2UvF
         lGyonETpjCNPIfGKLbKTGioARbRwfOnAgJpvQ=
Received: by 10.86.228.3 with SMTP id a3mr1630018fgh.51.1250940359923;
        Sat, 22 Aug 2009 04:25:59 -0700 (PDT)
Received: from ?192.168.1.20? (212-183-57-180.adsl.highway.telekom.at [212.183.57.180])
        by mx.google.com with ESMTPS id l19sm2610508fgb.28.2009.08.22.04.25.59
        (version=TLSv1/SSLv3 cipher=RC4-MD5);
        Sat, 22 Aug 2009 04:25:59 -0700 (PDT)
Message-ID: <4A8FD598.7000407@gmail.com>
Date: Sat, 22 Aug 2009 13:25:12 +0200
From: Jarry <mr.jarry@gmail.com>
User-Agent: Thunderbird 2.0.0.22 (Windows/20090605)
Precedence: bulk
List-Post: <mailto:gentoo-user@lists.gentoo.org>
List-Help: <mailto:gentoo-user+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-user+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-user+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-user.gentoo.org>
X-BeenThere: gentoo-user@lists.gentoo.org
Reply-to: gentoo-user@lists.gentoo.org
MIME-Version: 1.0
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] problem filtering portage messages...
References: <4A8FAEB7.2090806@gmail.com> <1250936829.1635.16.camel@blackwidow.nbk>
In-Reply-To: <1250936829.1635.16.camel@blackwidow.nbk>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Archives-Salt: 5e6f7ec7-fd60-4f7b-8e8a-bfda83e98492
X-Archives-Hash: 18362482410792a2e240f188389d063c

Albert Hopkins wrote:
> On Sat, 2009-08-22 at 10:39 +0200, Jarry wrote:
>> The problem is with portage logs: I can not find any pattern
>> I could use to filter them out.

> I'm not sure what you are trying to "filter out".  Portage logs are
> relatively machine-readable (e.g. qlop).

syslog-ng in client mode does not open new connection for every
source (be it /dev/log, /proc/kmsg/, /var/log/messages, etc.).
Instead of that, it opens only one connection and "pumps" logs
to server in one stream. It is a log-server's job to split it out.

The first quite natural filter-rule is to split logs according
to client-IP (or hostname). The second level is to split logs
according to application. I do not want to have logs from kernel,
sshd, apache, ntp, portage, ftp, dns, mixed together in one file.

And that is a problem. I can easily identify logs from i.e. sshd:
 > 2009-08-22T10:54:30+00:00 obelix sshd[6984]: Accepted...
Simply I use filter "sshd*" for the 3rd field (application name).

Or in case of ntpd-logs I put filter for "ntpd*":
 > 2009-08-22T10:54:48+00:00 nitino ntpd[4421]: synchronized...

But what do I have to do with this:
 > 1250867551:  *** Finished. Cleaning up...
or:
 > 1250867528: === Sync completed
How can a log-server indentify it as portage-log so that it could
save it into /var/log/$HOST/emerge.log?

> If you don't mind getting your hands dirty, portage is written mostly in
> python and bash so it shouldn't be that difficult to dig into the parts
> that handle emerge.log and emerge-fetch.log and convert them to syslog.

Well, I'm affraid this is beyond my skill. I've looked at those
scripts, but they seem to me to be really complicated...

Jarry

-- 
_______________________________________________________________
This mailbox accepts e-mails only from selected mailing-lists!
Everything else is considered to be spam and therefore deleted.