There are some new features in version 6 that will allow you to create
your own tags (either the liblognorm stuff or the project lumberjack
stuff)
you can't modify any existing tags once the log is received, but you could
change the sender to put a tag in the right place so that it will get
parsed by the central server as one of those tags.
how many different types of tags are you talking about here? is it a
handful (where you could create specific rules for each tag)? or are there
a lot (where you really need to use the dynafile to create all the
destination directories)
David Lang
On Thu, 17 May 2012, Xavier Fustero wrote:
Date: Thu, 17 May 2012 09:52:38 +0200
From: Xavier Fustero <[email protected]>
Reply-To: rsyslog-users <[email protected]>
To: [email protected]
Subject: [rsyslog] Replacing regular expression for particular tag
Hi,
I want to ask what would be the best way to implement the following. I have
a several nodes identified with a particular ID (e.g: 01-9291212,
01-823HHK1). Those servers send their logs to a central rsyslog server
(RELP + stunnel). I want to create a directory entry on the server with
this ID name. Like rsyslog-server:/var/logs/01-9291212,
/var/logs/01-823HHK1 and so on.
My first attempt was to create a template on the client side and add this
ID manually
$template ID,"%TIMESTAMP% %HOSTNAME% %syslogtag% %syslogfacility-text%
%syslogseverity-text% *ID: 01-XXXXXXX* %syslogtag% %msg%\n
*.* :omrelp:127.0.0.1:port_number;ID
On the server side, I have created a regular expression to match a string
like 01-([0-9A-Za-a]{7} (my ID's format) and created dynamic templates for
each particular log: messages, maillog, cron, secure, etc.
E.g.: $Template Dyn_messages,
"/var/log/%msg:R,ERE,0,DFLT:01\-[0-9A-Z]{7}--end%/messages"
$template
Dyn_cron,"/var/log/%msg:R,ERE,0,DFLT:01\-[0-9A-Z]{7}--end%/cron"
...
I have a sequence of if/else where depending on facilities it sends to one
or another dynamic template. However, I would like to replace regular
expression for something like a %my_particular_tag%. I can't see the way I
can create this particular tag. They seem to be hardcoded. I also try to
modify property names (hostname,syslogtag,etc) and replace it for a
completely new name (my ID) but I can't find how to do this.
%propname:fromChar:toChar:options:fieldname% doesn't seem to allow this.
I would like to get ridd off regular expressions. They have an impact in
performance and complicate my templates on the server side. They also
created the directory **NO MATCH** which I would like to avoid. Using
tags, templates on server side would be something like:
$Template Dyn_messages, "/var/log/%mytag%/messages"
...
Does anybody know how to do this?
Thanks in advance,
Xavi
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
