How does Tracking Center aggregate logs for a transaction?

S

stevewilwerding

New Member
Apr 21, 2023
20
1
3
When I look at the logs in Tracking Center, they are arranged by Time, From, and To, and if I expand one of them, I can see the entire transaction:

1684251982319.png

We are sending our logs to a log aggregation server, and would like to replicate that "grouping", but I'm not sure how. From what I can see, there are at least 4 IDs for this transaction: 243875 (which is internal and not in output logs), 717C92810AD, 2810F164639AA97ECEC, and 882CD2810FD. How does the Tracking Center know to aggregate all of these lines into one transaction?
 
Last edited:
Or, perhaps, is there a way to change the output so that it writes the From address on the status line (second to last line in my screenshot)?
 
stevewilwerding said:
How does the Tracking Center know to aggregate all of these lines into one transaction?
Click to expand...
By parsing and grouping the logs (parsing syslogs is quite a pita) - but what you could use is the `pmg-log-tracker` binary (which does the parsing and grouping - and send its output to your aggregation service.

For the details of the aggregation I'd refer you to the log-tracker source-code:
https://git.proxmox.com/?p=pmg-log-tracker.git;a=summary

I hope this helps!
 
You must log in or register to reply here.
Top Bottom