Skip to content

Commit 1f467dd

Browse files
authored
Highlighted field keywords #71 (#74)
Fixes: #71 Added backtick highlight to field names which have macro counterpart.
2 parents 035a19d + 7be8fdf commit 1f467dd

File tree

73 files changed

+179
-179
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

73 files changed

+179
-179
lines changed

_includes/doc/admin-guide/examples/anon-ip.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
### Example: Anonymizing IP addresses
22

3-
The following example replaces every IPv4 address in the MESSAGE part
3+
The following example replaces every IPv4 address in the `MESSAGE` part
44
with its SHA-1 hash:
55

66
```config

_includes/doc/admin-guide/options/flags.md

Lines changed: 5 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -9,8 +9,9 @@
99
* `expect-hostname`: When this flag is used syslog-ng OSE expects a log message that contains a hostname and parses the message accordingly. This is the default behavior for TCP sources. Note that pipe sources use the `no-hostname` flag by default.
1010
* `guess-timezone`: This flag allows the source to attempt to guess the timezone of the message if this information is not available in the message. Works when the incoming message stream is close to real time, and the timezone information is missing from the timestamp.
1111
* `kernel`: This flag sets the source default to the `LOG_KERN | LOG_NOTICE` priority if not specified otherwise.
12-
* `no-header`: This flag triggers syslog-ng OSE to parse only the PRI field of incoming messages, and put the rest of the message contents into `$MSG`.
13-
The functionality of `no-header` is similar to the `no-parse` flag, but the `no-header` flag does not skip the `PRI` field. The `no-header` flag signals syslog-ng OSE that the syslog header is not present (or does not adhere to the conventions / RFCs), so the entire message (except from the PRI field) is put into `$MSG`.
12+
* `no-header`: This flag triggers syslog-ng OSE to parse only the `PRI` field of incoming messages, and put the rest of the message contents into `MSG`.
13+
The functionality of `no-header` is similar to the `no-parse` flag, but the `no-header` flag does not skip the `PRI` field. The `no-header` flag signals syslog-ng OSE that the syslog header is not present (or does not adhere to the conventions / RFCs), so the entire message (except from the `PRI` field) is put into `MSG`.
14+
1415
```config
1516
parser p_syslog {
1617
syslog-parser(
@@ -19,7 +20,7 @@ The functionality of `no-header` is similar to the `no-parse` flag, but the `no-
1920
};
2021
```
2122

22-
* `no-hostname`: Enable this flag if the log message does not include the hostname of the sender host. This results in syslog-ng OSE assuming that the first part of the message header is `${PROGRAM}` instead of `${HOST}`.
23+
* `no-hostname`: Enable this flag if the log message does not include the hostname of the sender host. This results in syslog-ng OSE assuming that the first part of the message header is `PROGRAM` instead of `HOST`.
2324
```config
2425
source s_dell {
2526
network(
@@ -30,7 +31,7 @@ The functionality of `no-header` is similar to the `no-parse` flag, but the `no-
3031
```
3132

3233
* `no-multi-line`: This flag disables line-breaking in the messages and converts the entire message into a single line. Note that this happens only if the underlying transport method supports multi-line messages. Currently only the `file()` and `pipe()` drivers support multi-line messages.
33-
* `no-parse`: By default, syslog-ng OSE parses incoming messages as syslog messages. The `no-parse` flag disables syslog message parsing and processes the complete line as the message part of a syslog message. The syslog-ng OSE application generates a new syslog header (timestamp, host, and so on) automatically and puts the entire incoming message into the `MESSAGE` part of the syslog message (available using the `${MESSAGE}` macro). This flag is useful for parsing messages that do not complying to the syslog format.
34+
* `no-parse`: By default, syslog-ng OSE parses incoming messages as syslog messages. The `no-parse` flag disables syslog message parsing and processes the complete line as the message part of a syslog message. The syslog-ng OSE application generates a new syslog header (timestamp, host, and so on) automatically and puts the entire incoming message into the `MESSAGE` part of the syslog message (available using the ${MESSAGE} macro). This flag is useful for parsing messages that do not complying to the syslog format.
3435
* `dont-store-legacy-msghdr`: During default operation, syslog-ng OSE stores the original incoming header of the log message. This is useful if the original format of a non-syslog-compliant message must be retained. The syslog-ng OSE application automatically corrects minor header errors, for example, it adds a whitespace before "msg" in the following message: `Jan 22 10:06:11 host program:msg`. If storage of the original header of the message is not needed, enable the `dont-store-legacy-msghdr` flag.
3536
* `sanitize-utf8`: When this flag is used, syslog-ng OSE converts non-UTF-8 input to an escaped format, adhering to UTF-8.
3637
Prior to version 4.6, this only worked with parsing RFC3164 messages. In syslog-ng OSE 4.6 and later versions, RFC5424 and raw messages can also be parsed using this flag.

_includes/doc/admin-guide/options/host-override.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -3,5 +3,5 @@
33
| Type: | string|
44
| Default: ||
55

6-
*Description:* Replaces the HOST part of the message with the
6+
*Description:* Replaces the `HOST` part of the message with the
77
parameter string.

_includes/doc/admin-guide/options/keep-hostname.md

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -6,18 +6,18 @@
66
*Description:* Enable or disable hostname rewriting.
77

88
- If enabled (**keep-hostname(yes)**), {{ site.product.short_name }} assumes that the
9-
incoming log message was sent by the host specified in the HOST
9+
incoming log message was sent by the host specified in the `HOST`
1010
field of the message.
1111

12-
- If disabled (**keep-hostname(no)**), {{ site.product.short_name }} rewrites the HOST
12+
- If disabled (**keep-hostname(no)**), {{ site.product.short_name }} rewrites the `HOST`
1313
field of the message, either to the IP address (if the use-dns()
1414
parameter is set to **no**), or to the hostname (if the use-dns()
1515
parameter is set to **yes** and the IP address can be resolved to a
1616
hostname) of the host sending the message to {{ site.product.short_name }}. For
1717
details on using name resolution in {{ site.product.short_name }}, see
1818
Using name resolution in syslog-ng.
1919

20-
**NOTE:** If the log message does not contain a hostname in its HOST field,
20+
**NOTE:** If the log message does not contain a hostname in its `HOST` field,
2121
{{ site.product.short_name }} automatically adds a hostname to the message.
2222
{: .notice--info}
2323

_includes/doc/admin-guide/options/prefix.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -12,7 +12,7 @@ name-value pairs to help further processing. For example:
1212
the name of the macro, for example, **${my-parsed-data.name}**.
1313

1414
- If you forward the parsed messages using the IETF-syslog protocol,
15-
you can insert all the parsed data into the SDATA part of the
15+
you can insert all the parsed data into the `SDATA` part of the
1616
message using the **prefix(.SDATA.my-parsed-data.)** option.
1717

1818
Names starting with a dot (for example, .example) are reserved for use

_includes/doc/admin-guide/options/source-flags.md

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -28,15 +28,15 @@
2828
| LOG_NOTICE priority if not specified otherwise.
2929

3030
- *no-header*: The no-header flag triggers {{ site.product.short_name }} to parse only
31-
the PRI field of incoming messages, and put the rest of the message
31+
the `PRI` field of incoming messages, and put the rest of the message
3232
contents into ${MSG}.
3333

3434
Its functionality is similar to that of the no-parse flag, except
35-
the no-header flag does not skip the PRI field.
35+
the no-header flag does not skip the `PRI` field.
3636

3737
**NOTE:** Essentially, the no-header flag signals {{ site.product.short_name }} that the
3838
syslog header is not present (or does not adhere to the conventions
39-
/ RFCs), so the entire message (except from the PRI field) is put
39+
/ RFCs), so the entire message (except from the `PRI` field) is put
4040
into ${MSG}.
4141
{: .notice--info}
4242

@@ -55,8 +55,8 @@
5555
5656
- *no-hostname*: Enable the no-hostname flag if the log message does
5757
not include the hostname of the sender host. That way {{ site.product.short_name }}
58-
assumes that the first part of the message header is PROGRAM
59-
instead of HOST. For example:
58+
assumes that the first part of the message header is `PROGRAM`
59+
instead of `HOST`. For example:
6060
6161
```config
6262
source s_dell {
@@ -78,7 +78,7 @@
7878
message parsing and processes the complete line as the message part
7979
of a syslog message. The {{ site.product.short_name }} application will generate a
8080
new syslog header (timestamp, host, and so on) automatically and put
81-
the entire incoming message into the MESSAGE part of the syslog
81+
the entire incoming message into the `MESSAGE` part of the syslog
8282
message (available using the ${MESSAGE} macro). This flag is useful
8383
for parsing messages not complying to the syslog format.
8484

_includes/doc/admin-guide/options/value-pairs.md

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -12,8 +12,8 @@ formatted to JSON format, or directly used in a mongodb() destination.
1212

1313
The following example selects every available information about the log
1414
message, except for the date-related macros (R\_\* and S\_\*), selects
15-
the .SDATA.meta.sequenceId macro, and defines a new value-pair called
16-
MSGHDR that contains the program name and PID of the application that
15+
the ${.SDATA.meta.sequenceId} macro, and defines a new value-pair called
16+
`MSGHDR` that contains the program name and `PID` of the application that
1717
sent the log message.
1818

1919
```config
@@ -55,7 +55,7 @@ are evaluated in the following order:
5555

5656
*Description:* This option removes the specified macros from the selection. Use it to remove unneeded macros selected using the scope() parameter.
5757

58-
For example, the following example removes the SDATA macros from the selection.
58+
For example, the following example removes the `SDATA` macros from the selection.
5959

6060
```config
6161
value-pairs(
@@ -200,7 +200,7 @@ The rekey() option can be used with the format-json template-function as well, u
200200

201201
- *rfc5424*: The macros that correspond to the RFC-5424 (IETF-syslog) message format: ${FACILITY}, ${PRIORITY}, ${HOST}, ${PROGRAM}, ${PID}, ${MESSAGE}, ${MSGID}, ${R_DATE}, and the metadata from the structured-data (SDATA) part of RFC-5424 formatted messages, that is, every macro that starts with .SDATA..
202202

203-
The rfc5424 group also has the following alias: syslog-proto. Note that the value of ${R_DATE} will be listed under the DATE key. The rfc5424 group does not contain any metadata about the message, only information that was present in the original message. To include the most commonly used metadata (for example, the ${SOURCEIP} macro), use the selected-macros group instead.
203+
The rfc5424 group also has the following alias: syslog-proto. Note that the value of ${R_DATE} will be listed under the `DATE` key. The rfc5424 group does not contain any metadata about the message, only information that was present in the original message. To include the most commonly used metadata (for example, the ${SOURCEIP} macro), use the selected-macros group instead.
204204

205205
- *all-macros*: Include every hard macro. This group is mainly useful for debugging, as it contains redundant information (for example, the date-related macros include the date-related information several times in various formats).
206206

doc/_admin-guide/020_The_concepts_of_syslog-ng/007_The_structure_of_a_log_message/000_BSD_syslog_messages.md

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -34,10 +34,10 @@ size when using UDP destinations.
3434

3535
## The PRI message part
3636

37-
This section describes the PRI message part of a syslog message, according to the
37+
This section describes the `PRI` message part of a syslog message, according to the
3838
legacy syslog (BSD-syslog) protocol.
3939

40-
The PRI part of the syslog message (known as Priority value) represents
40+
The `PRI` part of the syslog message (known as Priority value) represents
4141
the Facility and Severity of the message. Facility represents the part
4242
of the system sending the message, while Severity marks its importance.
4343

@@ -57,7 +57,7 @@ PRI field (that is, Priority value):
5757

5858
>\<133\> Feb 25 14:09:07 webserver syslogd: restart
5959
60-
In this example, \<133\> represents the PRI field (Priority value). The
60+
In this example, \<133\> represents the `PRI` field (Priority value). The
6161
syslog message\'s Facility value is 16, and the Severity value is 5.
6262

6363
Substituting the numerical values into the \<PRI\> = ( \<facility\> \*
@@ -96,9 +96,9 @@ format. For details, see the ts-format() option in Global options.
9696

9797
## The MSG message part
9898

99-
This section describes the MSG message part of a syslog message, according to
99+
This section describes the `MSG` message part of a syslog message, according to
100100
the legacy syslog (BSD-syslog) protocol.
101101

102-
The MSG part contains the name of the program or process that generated
103-
the message, and the text of the message itself. The MSG part is usually
102+
The `MSG` part contains the name of the program or process that generated
103+
the message, and the text of the message itself. The `MSG` part is usually
104104
in the following format: *program\[pid\]: message text*.

doc/_admin-guide/020_The_concepts_of_syslog-ng/007_The_structure_of_a_log_message/001_IETF_syslog_messages.md

Lines changed: 7 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -20,7 +20,7 @@ The message corresponds to the following format:
2020

2121
>\<priority\>VERSION ISOTIMESTAMP HOSTNAME APPLICATION PID MESSAGEID STRUCTURED-DATA MSG
2222
23-
- Facility is 4, severity is 2, so PRI is 34.
23+
- Facility is 4, severity is 2, so `PRI` is 34.
2424

2525
- The VERSION is 1.
2626

@@ -32,9 +32,9 @@ The message corresponds to the following format:
3232

3333
- The APP-NAME is \"su\" and the PROCID is unknown.
3434

35-
- The MSGID is \"ID47\".
35+
- The `MSGID` is \"ID47\".
3636

37-
- The MSG is \"\'su root\' failed for lonvick\...\", encoded in UTF-8.
37+
- The `MSG` is \"\'su root\' failed for lonvick\...\", encoded in UTF-8.
3838

3939
- In this example, the encoding is defined by the BOM:
4040

@@ -44,14 +44,14 @@ The message corresponds to the following format:
4444
- There is no STRUCTURED-DATA present in the message, this is
4545
indicated by \"-\" in the STRUCTURED-DATA field.
4646

47-
The HEADER part of the message must be in plain ASCII format, the
47+
The `HEADER` part of the message must be in plain ASCII format, the
4848
parameter values of the STRUCTURED-DATA part must be in UTF-8, while the
4949
MSG part should be in UTF-8. The different parts of the message are
5050
explained in the following sections.
5151

5252
## The PRI message part
5353

54-
The PRI part of the syslog message (known as Priority value) represents
54+
The `PRI` part of the syslog message (known as Priority value) represents
5555
the Facility and Severity of the message. Facility represents the part
5656
of the system sending the message, while severity marks its importance.
5757
The Priority value is calculated by first multiplying the Facility
@@ -61,7 +61,7 @@ number by 8 and then adding the numerical value of the Severity.
6161

6262
## The HEADER message part
6363

64-
The HEADER part contains the following elements:
64+
The `HEADER` part contains the following elements:
6565

6666
- *VERSION*: Version number of the syslog protocol standard. Currently
6767
this can only be 1.
@@ -117,7 +117,7 @@ An example STRUCTURED-DATA block looks like:
117117
118118
## The MSG message part
119119

120-
The MSG part contains the text of the message itself. The encoding of
120+
The `MSG` part contains the text of the message itself. The encoding of
121121
the text must be UTF-8 if the BOM1 character is present in the message.
122122
If the message does not contain the BOM character, the encoding is
123123
treated as unknown. Usually messages arriving from legacy sources do not

doc/_admin-guide/020_The_concepts_of_syslog-ng/007_The_structure_of_a_log_message/002_EWMM_messages.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -29,9 +29,9 @@ The message has the following parts:
2929

3030
- The header of the complies with the
3131
IETF-syslog messages RFC-5424 message format,
32-
where the PROGRAM field is set to @syslog-ng, and the SDATA field is empty.
32+
where the `PROGRAM` field is set to @syslog-ng, and the `SDATA` field is empty.
3333

34-
- The MESSAGE part is in JSON format, and contains the actual message,
34+
- The `MESSAGE` part is in JSON format, and contains the actual message,
3535
as well as any name-value pairs that {{ site.product.short_name }} has attached to
3636
or extracted from the message. The ${.\_TAGS} field contains the
3737
identifier of the {{ site.product.short_name }} source that has originally received the

doc/_admin-guide/020_The_concepts_of_syslog-ng/008_Message_representation.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -66,7 +66,7 @@ rules or other means.
6666
Soft macros (sometimes also called name-value pairs) are either
6767
built-in macros automatically generated from the log message (for
6868
example, ${HOST}), or custom user-created macros generated by using
69-
the {{ site.product.short_name }} pattern database or a CSV-parser. The SDATA fields of
69+
the {{ site.product.short_name }} pattern database or a CSV-parser. The `SDATA` fields of
7070
RFC-5424 formatted log messages become soft macros as well. In
7171
contrast with hard macros, soft macros are writable and can be
7272
modified within {{ site.product.short_name }}, for example, using rewrite rules.

doc/_admin-guide/020_The_concepts_of_syslog-ng/009_Structuring_macros/000_Specifying_data_types.md

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -33,8 +33,8 @@ function supports data types.
3333

3434
## Example: Using type-hinting
3535

36-
The following example stores the MESSAGE, PID, DATE, and PROGRAM fields
37-
of a log message in a MongoDB database. The DATE and PID parts are
36+
The following example stores the `MESSAGE`, `PID`, `DATE`, and `PROGRAM` fields
37+
of a log message in a MongoDB database. The `DATE` and `PID` parts are
3838
stored as numbers instead of strings.
3939

4040
```config
@@ -52,7 +52,7 @@ Use the following example to format the same fields into JSON.
5252

5353
`$(format-json date=datetime("${UNIXTIME}") pid=int64("${PID}") program="${PROGRAM}" message="${MESSAGE}")`
5454

55-
Use the following example to format the MESSAGE field as a JSON list.
55+
Use the following example to format the `MESSAGE` field as a JSON list.
5656

5757
`$$(format-json message=list(${MESSAGE}))`
5858

@@ -118,7 +118,7 @@ The type of the field can be set. Type-casting can be executed using
118118
the set() and groupset() template functions, to properly promote the
119119
type information.
120120

121-
For more information, see Creating custom SDATA fields and
121+
For more information, see Creating custom `SDATA` fields and
122122
Setting multiple message fields to specific values.
123123

124124
### db-parser()

doc/_admin-guide/040_Quick-start_guide/002_Configuring_syslog-ng_relays/001_How_relaying_works.md

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -16,20 +16,20 @@ Depending on the settings of syslog-ng-relay, the following can happen.
1616

1717
- By default, the keep-hostname() option is disabled, so
1818
syslog-ng-relay writes the IP address of the sender host (in this
19-
case, 192.168.1.2) to the HOST field of the syslog message,
19+
case, 192.168.1.2) to the `HOST` field of the syslog message,
2020
discarding any IP address or hostname that was originally in the
2121
message.
2222

2323
- If the keep-hostname() option is enabled on syslog-ng-relay, but
2424
name resolution is disabled (the use-dns() option is set to **no**),
25-
syslog-ng-relay uses the HOST field of the message as-is, which is
25+
syslog-ng-relay uses the `HOST` field of the message as-is, which is
2626
probably 192.168.1.2.
2727

2828
- To resolve the 192.168.1.2 IP address to a hostname on
2929
syslog-ng-relay using a DNS server, use the **keep-hostname(no)**
3030
and **use-dns(yes)** options. If the DNS server is properly
3131
configured and reverse DNS lookup is available for the 192.168.1.2
32-
address, {{ site.product.short_name }} will rewrite the HOST field of the log
32+
address, {{ site.product.short_name }} will rewrite the `HOST` field of the log
3333
message to client-host.
3434

3535
**NOTE:** It is also possible to resolve IP addresses locally, without
@@ -40,8 +40,8 @@ Depending on the settings of syslog-ng-relay, the following can happen.
4040
- The above points apply to the {{ site.product.short_name }} server
4141
(syslog-ng-server) as well, so if syslog-ng-relay is configured
4242
properly, use the **keep-hostname(yes)** option on syslog-ng-server
43-
to retain the proper HOST field. Setting **keep-hostname(no)** on
44-
syslog-ng-server would result in {{ site.product.short_name }} rewriting the HOST
43+
to retain the proper `HOST` field. Setting **keep-hostname(no)** on
44+
syslog-ng-server would result in {{ site.product.short_name }} rewriting the `HOST`
4545
field to the address of the host that sent the message to
4646
syslog-ng-server, which is syslog-ng-relay in this case.
4747

doc/_admin-guide/060_Sources/140_Python/001_Python_logmessage_API.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -18,7 +18,7 @@ from syslogng import LogMessage
1818
# Initialize an empty message with default values (recvd timestamp, rcptid, hostid, ...)
1919
msg = LogMessage()
2020

21-
# Initialize a message and set its MESSAGE field to the specified argument
21+
# Initialize a message and set its `MESSAGE` field to the specified argument
2222
msg = LogMessage("string or bytes-like object")
2323
```
2424

doc/_admin-guide/060_Sources/150_snmptrap/000_snmptrap_options.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -30,7 +30,7 @@ Default value: .snmp. option.
3030
*Description:* The snmptrap() source automatically parses the traps into
3131
name-value pairs, so you can handle the content of the trap as a
3232
structured message. Consequently, you might not even need the
33-
MESSAGE part of the log message. If set-message-macro() is set to
34-
**no**, {{ site.product.short_name }} leaves the MESSAGE part empty. If
33+
`MESSAGE` part of the log message. If set-message-macro() is set to
34+
**no**, {{ site.product.short_name }} leaves the `MESSAGE` part empty. If
3535
set-message-macro() is set to **yes**, {{ site.product.short_name }} generates a regular
3636
log message from the trap.

0 commit comments

Comments
 (0)