Python SysLogHandler -> syslog:logstash. Syslog does not change

4 votes
1 answer
2041 views
Asked 2025-04-19 14:15

I am using logging.handlers.SysLogHandler for logging and sending these logs to logstash.

This is my Python code:

import logging
from logging import handlers

# create logger
logger = logging.getLogger('simple_example')
logger.setLevel(logging.DEBUG)

# create syslog handler and set level to debug
ch = handlers.SysLogHandler(facility=handlers.SysLogHandler.LOG_AUTH)
ch.setLevel(logging.DEBUG)

# create formatter
formatter = logging.Formatter('%(asctime)s - %(name)s - %(levelname)s - %(message)s')

# add formatter to ch
ch.setFormatter(formatter)

# add ch to logger
logger.addHandler(ch)

logger.info('go')

This is the logstash configuration:

input {
  syslog {
  }
}
output {
  stdout {codec => rubydebug {}}
}

This is what logstash outputs:

{
           "message" => "<38>2014-09-03 12:48:36,700 - simple_example - INFO - go\u0000",
          "@version" => "1",
        "@timestamp" => "2014-09-03T12:48:36.702Z",
              "host" => "127.0.0.1",
              "tags" => [
        [0] "_grokparsefailure"
    ],
          "priority" => 13,
          "severity" => 5,
          "facility" => 1,
    "facility_label" => "user-level",
    "severity_label" => "Notice"
}

However, if I change the facility to handlers.SysLogHandler.LOG_DAEMON, the logstash output does not change:

{
           "message" => "<30>2014-09-03 12:51:52,307 - simple_example - INFO - go\u0000",
          "@version" => "1",
        "@timestamp" => "2014-09-03T12:51:52.307Z",
              "host" => "127.0.0.1",
              "tags" => [
        [0] "_grokparsefailure"
    ],
          "priority" => 13,
          "severity" => 5,
          "facility" => 1,
    "facility_label" => "user-level",
    "severity_label" => "Notice"
}

How can I change: facility, severity, priority, facility_label and severity_label?

Most likely it is because Python does not add this information:

output {
  stdout {}
}

2014-09-03T13:19:14.862+0000 127.0.0.1 <30>2014-09-03 13:19:14,860 - simple_example - INFO - go

So how can I add this information?

1 Answer

2

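How can I change: facility, severity, priority, facility_label, severity_label?

Take a look at the documentation for logging.handlers:

  • When initializing SysLogHandler, you can include the facility. The allowed levels are listed in the documentation linked above: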

    ch = handlers.SysLogHandler(facility=handlers.SysLogHandler.LOG_LOCAL0)
    
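  • priority is mapped from the log level set by the message sender, e.g. logger.warn(), logger.info(), etc. The documentation for mapPriority says, "The default algorithm maps DEBUG, INFO, WARNING, ERROR and CRITICAL to the equivalent syslog names, and all other level names to 'warning'."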
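
An added example (not part of the original question or answer) that decodes the `<PRI>` prefix of the two `message` values shown in the question and compares it with what `SysLogHandler` computes for a facility and level. It shows that Python did send auth.info (`<38>`) and daemon.info (`<30>`), while the priority 13 that logstash recorded next to `_grokparsefailure` decodes to user.notice. The function names are hypothetical; the sample lines are copied from the question's output.

```python
import re
from logging.handlers import SysLogHandler as SLH

# The two "message" values from the question's logstash output (copied sample data).
CAPTURED = [
    "<38>2014-09-03 12:48:36,700 - simple_example - INFO - go\x00",
    "<30>2014-09-03 12:51:52,307 - simple_example - INFO - go\x00",
]
LOGSTASH_PRIORITY = 13  # "priority" field logstash reported for both events


def split_pri(pri):
    """Split a syslog PRI value: PRI = facility * 8 + severity (RFC 3164)."""
    if not 0 <= pri <= 191:
        raise ValueError(f"PRI out of range: {pri}")
    return pri >> 3, pri & 7


def decode_datagram(raw):
    """Return (facility, severity, text) for a raw '<PRI>text' datagram."""
    # SysLogHandler appends a NUL byte by default; drop it before parsing.
    m = re.match(r"<(\d{1,3})>(.*)", raw.rstrip("\x00"), re.S)
    if m is None:
        raise ValueError("missing <PRI> prefix")
    facility, severity = split_pri(int(m.group(1)))
    return facility, severity, m.group(2)


def expected_pri(facility, levelname):
    """PRI SysLogHandler builds for a facility code and a logging level name.

    Mirrors the mapPriority rule quoted in the answer: the five standard
    levels map to their syslog names, every other level name to 'warning'.
    """
    name = SLH.priority_map.get(levelname, "warning")
    return (facility << 3) | SLH.priority_names[name]


if __name__ == "__main__":
    for raw in CAPTURED:
        fac, sev, text = decode_datagram(raw)
        print(f"sent facility={fac} severity={sev} text={text!r}")
    print("logstash recorded facility=%d severity=%d" % split_pri(LOGSTASH_PRIORITY))
```

Comparing the sender's PRI with the collector's parsed fields this way is a quick check when auth-facility events show up under a different facility further down a log pipeline.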
