SYSLOG Output Format Parameters

Log Parser

previous page next page

SYSLOG Output Format Parameters

The SYSLOG output format supports the following parameters:

conf
  Values: file path
  Default: not specified
  Description: Syslog configuration file.
  Details: This parameter specifies the path to a configuration file that describes the rules used to forward messages to different destinations.
When this parameter is used, queries are allowed to not provide an INTO clause at all; if an INTO clause is used, its into-entity must be specified as "SYSLOG".
For more information on configuration files, see SYSLOG Output Format Configuration Files.
  Example: -conf:C:\mysyslog.conf
 
severity
  Values: <numeric_value> | <name> | $<field_name> | $<field_index>
  Default: info
  Description: Message severity level.
  Details: This parameter controls the value of the severity field of the output messages.
The possible values for this parameter are:
  • A numeric value, such as "1" or "7";
  • The name of a severity value, such as "alert" or "debug";
  • The name or the 1-based index of an output record field prepended with a dollar character ("$"), such as "$MySeverity" or "$2". The specified output record field must be of either the INTEGER data type - in which case its values are assumed to be numerical severity values, or of the STRING data type - in which case its values are assumed to be severity names among those described in the previous table.
    When an output record field value does not contain a recognized severity name or it contains a severity value greater than 7, the SYSLOG output format uses a default severity value of 6 ("info").
For more information on the severity field of the output messages, see SYSLOG Output Format Message Structure.
  Examples: -severity:1
-severity:alert
-severity:$MySeverity
-severity:$2
 
facility
  Values: <numeric_value> | <name> | $<field_name> | $<field_index>
  Default: user
  Description: Message facility.
  Details: This parameter controls the value of the facility field of the output messages.
The possible values for this parameter are:
  • A numeric value, such as "1" or "23";
  • The name of a facility value, such as "user" or "local7";
  • The name or the 1-based index of an output record field prepended with a dollar character ("$"), such as "$MyFacility" or "$2". The specified output record field must be of either the INTEGER data type - in which case its values are assumed to be numerical facility values, or of the STRING data type - in which case its values are assumed to be facility names among those described in the previous table.
    When an output record field value does not contain a recognized facility name or it contains a facility value greater than 23, the SYSLOG output format uses a default facility value of 1 ("user").
For more information on the facility field of the output messages, see SYSLOG Output Format Message Structure.
  Examples: -facility:23
-facility:local7
-facility:$MyFacility
-facility:$2
 
oTsFormat
  Values: timestamp format
  Default: MMM dp hh:mm:ss
  Description: Format of the timestamp field.
  Details: This parameter specifies the format of the timestamp field of the output messages.
For more information on date and time formats, see Timestamp Format Specifiers.
For more information on the timestamp field of the output messages, see SYSLOG Output Format Message Structure.
  Example: -oTsFormat:"MMM dd, yyyy"
 
hostName
  Values: localhost | <name> | $<field_name> | $<field_index>
  Default: localhost
  Description: Value of the hostname field.
  Details: This parameter controls the value of the hostname field of the output messages.
The possible values for this parameter are:
  • The "localhost" keyword, specifying that the field should be populated with the local computer name;
  • A generic string indicating the desired host name, such as "MYCOMPUTER";
  • The name or the 1-based index of an output record field prepended with a dollar character ("$"), such as "$MyHostname" or "$2". The specified output record field must be of the STRING data type, and its values will be used to populate the hostname field in the output messages.
For more information on the hostname field of the output messages, see SYSLOG Output Format Message Structure.
  Examples: -hostName:MYCOMPUTER
-hostName:$MyHostname
-hostName:$2
 
processName
  Values: <name> | $<field_name> | $<field_index>
  Default: LogParser:
  Description: Value of the tag field.
  Details: This parameter controls the value of the tag field of the output messages.
The possible values for this parameter are:
  • A generic string indicating the desired tag field value, such as "MyReports";
  • The name or the 1-based index of an output record field prepended with a dollar character ("$"), such as "$MyProgram" or "$2". The specified output record field must be of the STRING data type, and its values will be used to populate the tag field in the output messages.
For more information on the tag field of the output messages, see SYSLOG Output Format Message Structure.
  Examples: -processName:MyReports
-processName:$MyProgram
-processName:$2
 
separator
  Values: any string | space | tab
  Default: space
  Description: Separator between fields.
  Details: This parameter controls the separator to be used between the message fields.
The "tab" keyword causes the SYSLOG output format to use a single tab character between the fields, while the "space" keyword causes the SYSLOG output format to use a single space character.
  Example: -separator:tab
 
maxPacketSize
  Values: number of bytes
  Default: 1024
  Description: Maximum message size.
  Details: This parameter controls the maximum size of the messages generated by the SYSLOG output format.
Messages whose size exceeds the value specified for this parameter are either truncated or discarded, depending on the value of the "discardOversized" parameter.
  Example: -maxPacketSize:8192
 
discardOversized
  Values: ON | OFF
  Default: OFF
  Description: Discard oversized messages.
  Details: When this parameter is set to "ON", the SYSLOG output format discards messages whose size exceeds the value specified for the "maxPacketSize" parameter.
When this parameter is set to "OFF", the SYSLOG output format truncates oversized messages to the size specified with the "maxPacketSize" parameter.
  Example: -discardOversized:ON
 
protocol
  Values: UDP | TCP
  Default: UDP
  Description: Protocol used for transmission.
  Details: This parameter specifies the protocol to use when sending messages to Syslog servers.
  Example: -protocol:TCP
 
sourcePort
  Values: port number | *
  Default: *
  Description: Source port to use for transmission.
  Details: This parameter specifies the source port to use when sending messages to Syslog servers.
Specifying "*" causes the SYSLOG output format to choose any available port number.
  Example: -sourcePort:514
 
ignoreDspchErrs
  Values: ON | OFF
  Default: OFF
  Description: Ignore dispatch errors.
  Details: Setting this parameter to "ON" causes the SYSLOG output format to buffer errors occurring while transmitting messages to Syslog servers or users, reporting all the errors as warnings when the query execution has completed.
Setting this parameter to "OFF" causes the SYSLOG output format to report errors as they occur, aborting the execution of the query.
  Example: -ignoreDspchErrs:ON
 
oCodepage
  Values: codepage ID (number)
  Default: 0
  Description: Codepage of the output message text.
  Details: 0 is the system codepage, -1 is UNICODE.
  Example: -oCodepage:1245
 

© 2004 Microsoft Corporation. All rights reserved.

previous page start next page