# /usr/bin/logger tagging with PID



## jnojr (Mar 25, 2014)

My PF logs wind up looking like:


```
Mar 25 13:59:02 flamingo pf[57755]: 00:01:34.232090 rule 0/0(match): block in on en0: 172.24.32.41 > 224.0.0.1: igmp query v2
```

Is there any way to get logger(1) to NOT append its PID, so the lines could look like:


```
Mar 25 13:59:02 flamingo pf: 00:01:34.232090 rule 0/0(match): block in on en0: 172.24.32.41 > 224.0.0.1: igmp query v2
```


----------



## uzsolt (Mar 27, 2014)

Are you sure that `/usr/bin/logger` does this?
Try `logger -t foo bar`


----------



## SirDice (Mar 28, 2014)

It's not logger(1), it's probably PF itself. It most likely uses openlog(3) or syslog(3) with LOG_PID set.


----------



## wblock@ (Mar 28, 2014)

If you're analyzing the logs, filtering out the PID is possible (tested):
`echo "Mar 25 13:59:02 flamingo pf[57755]: 00:01:34.232090 rule 0/0(match): block in on en0: 172.24.32.41 > 224.0.0.1: igmp query v2" | sed -E -e 's/pf\[[0-9]+\]/pf/g'`


----------
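An added example, not part of any post in this thread: a filter that generalizes the PID-stripping idea to any tag while anchoring the match to the syslog header, so a `name[123]` string inside the message body is left alone. It assumes the traditional `Mon DD HH:MM:SS host tag[pid]:` layout shown above; the function names and the second and third sample lines are constructed for illustration.

```shell
#!/bin/sh
# Strip "[pid]" from the syslog tag field only; message bodies stay untouched.
# Optional $1 limits the rewrite to a single tag (e.g. "pf"). It is inserted
# into the pattern as an extended regex, so pass plain tag names only.
strip_syslog_pid() {
    tag='[^ :[]+'                      # default: any tag
    if [ $# -gt 0 ]; then tag=$1; fi
    # Group 1 = timestamp, host and tag; the "[digits]" after it is dropped.
    sed -E "s/^([A-Z][a-z]{2} [ 0-9][0-9] ([0-9]{2}:){2}[0-9]{2} [^ ]+ ${tag})\[[0-9]+\]:/\1:/"
}

# Sample input: line 1 is the PF line from the thread, lines 2-3 are constructed.
sample_lines() {
    cat <<'EOF'
Mar 25 13:59:02 flamingo pf[57755]: 00:01:34.232090 rule 0/0(match): block in on en0: 172.24.32.41 > 224.0.0.1: igmp query v2
Mar  5 09:00:00 flamingo logger[812]: saw pf[57755]: restarted
Mar 25 14:00:00 flamingo kernel: no pid here
EOF
}

# All tags normalized; "pf[57755]" inside the body of line 2 is preserved.
sample_lines | strip_syslog_pid

# Only the pf tag normalized; the logger line passes through unchanged.
sample_lines | strip_syslog_pid pf
```

Keep the original log file as the record and run the filter on a copy or in a pipeline, since the PID is what distinguishes one daemon instance from another across restarts.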

