Tuesday, October 6, 2015

logger v2.28

logger is small util to send log messages from command line. It supports (relatively) a new systemd journal as well as classic syslog. The syslog is still de-facto standard for enterprise admins and the latest logger version add support for RFC5424. This RFC introduces "structured-data" and since v2.28 logger is going to support this feature too.

The structured data is parse-able part of the message in format:

 [SD-ID[@digits] SD-PARAM="value" SD-PARAM="value" ...]
for exmaple:
 <13>1 2015-10-01T14:07:59.168662+02:00 ws kzak - - [timeQuality tzKnown="1" isSynced="1" syncAccuracy="218616"] message
is complete message. The message structured data contains one element with ID "timeQuality". This is standardized element, the custom user defined elements have to use "@digits" suffix in the ID name. It's possible to have arbitrary number of the structured data elements.

And now this functionality is completely exported to logger command line to provide control over the elements, v2.28 is going to introduce two new options, --sd-id to specify structured data element ID and --sd-param to specify one SD-PARAM=value pair, for example:

 logger --rfc5424 --sd-id zoo@123                \
                  --sd-param tiger=\"hungry\"    \
                  --sd-param zebra=\"running\"   \
                  --sd-id manager@123            \
                  --sd-param onMeeting=\"yes\"   \
                  "this is message"   
  <13>1 2015-10-01T14:07:59.168662+02:00 ws kzak - - [timeQuality tzKnown="1" isSynced="1" syncAccuracy="218616"][zoo@123 tiger="hungry" zebra="running"][manager@123 onMeeting="yes"] this is message
message with three SD elements: timeQuality build-in element, zoo@123 and manager@123 user defined elements.

Now all you need is smart server side or log indexing tool that understand RFC5424 (e.g. rsyslog).