Create a custom log file format in KSS NG
When you add an action to log messages to a file, you can specify the log file format. If you do not want to use the standard formats available, you can create your own custom file logging format.
- From the Kiwi Syslog NG navigation bar, choose Setup > Settings. Click Formatting.
- Click the Custom Formats drop-down menu and select Create New Format.
- Provide a name and description for your custom file format.
- Check each log file field box that you want to include in your custom file format. You can hover your cursor to the left of each field value and drag and drop to specify the order the fields will display in the logs. See the examples of fields and values below.
- Select the Date, Time, and Date-time format options from their respective drop-down menus.
- In the Field delimiter drop-down menu, select the character you want to use to separate the fields. Tab characters are the most common delimiters used for syslog files.
- In the Field qualifier drop-down menu, select an option to enclose each field in quotes or XML. This option is useful when the delimiter is a comma. if you do not want to use a qualifier, select None.
- Check the UTC adjust box to adjust the date and time stamps in your log files to UTC (GMT) time. The current time difference (in hours) between your system and UTC will be shown in brackets.
- Click Apply to save the format.
Custom fields are for use by the run script action. By writing a parsing script, the syslog message text can be broken down into various sub fields. The values can then be assigned to the custom fields and then logged to a file. Because each device manufacturer creates syslog messages in a different format, it is not possible to create a generic parser that will break up the message text into separate fields. A custom script must be written to parse the message text and then place it in the custom fields. If you check the Custom field box, all 16 custom fields will be written to the log file. Each custom field is separated by the selected delimiter character.
Examples of fields and values
The following table shows examples of fields and their values.
| Field name | Example |
|---|---|
| DATE | 28/01/2024 |
| TIME | 16:12:54 |
| DATE_TIME | 28/01/2024 16:12:54 |
| MILLISECONDS | 123 |
| TIME_ZONE | -13 hrs |
| FACILITY | Local7 |
| LEVEL | Debug |
| PRIORITY | Local7.Debug |
| HOST_ADDRESS | 192.168.0.1 |
| HOST_NAME | host.company.com |
| INPUT_SOURCE | UDP |
| MESSAGE_TEXT | This is a test message from Kiwi Syslog Server NG |
| CUSTOM | Custom01 Custom02 Custom03 etc. |