SYSLOG Output Format Into-Entity Syntax

Log Parser

previous page next page

SYSLOG Output Format Into-Entity Syntax

<into-entity> ::= <action> [ , <action> ... ] |
SYSLOG
<action> ::= <send_server> |
<send_file> |
<send_user>
<send_server> ::= @<server_name>[:<port>]
<send_file> ::= <filepath> |
STDOUT
<send_user> ::= <user_name>
The <into-entity> specified in queries using the SYSLOG output format is either the "SYSLOG" keyword, which specifies that messages should be forwarded according to the rules in the configuration file specified for the conf parameter, or a comma-separated list of actions, where each action is either:
  • The name or address of a Syslog server, preceded by an at character ("@") and optionally followed by a port number; when no port number is specified, the SYSLOG output format will use port 514;
  • The path of an output filename;
  • The STDOUT keyword, which specifies that the output data is to be written to the output stream (the console output);
  • The name of a user, to which Syslog messages will be sent through the Windows alerter and messenger services.

When a configuration file has been specified through the "conf" parameter, queries are allowed to not provide an INTO clause at all; if an INTO clause is used, its into-entity must be specified as "SYSLOG".
When a configuration file has not been specified, the INTO clause is mandatory and it must contain at least one valid action.

Actions specified in the into-entity are processed as configuration rules having a selector that matches all messages, with a "*" facility value and an "emerg" severity value.

Examples:

INTO SYSLOG

INTO @MYSERVER02:515

INTO \\COMPUTER01\Reports\report.txt

INTO MYUSER

INTO @MYSERVER01, C:\MyLogs\Infos.txt, STDOUT, MYUSER, @192.168.1.100:515

© 2004 Microsoft Corporation. All rights reserved.

previous page start next page