On Wed, 23 May 2012, Xavier Fustero wrote:
Hi,
On 17 May 2012 22:50, <[email protected]> wrote:
There are some new features in version 6 that will allow you to create
your own tags (either the liblognorm stuff or the project lumberjack stuff)
thanks. I will check if it makes sense for us to move to version 6.
you can't modify any existing tags once the log is received, but you could
change the sender to put a tag in the right place so that it will get
parsed by the central server as one of those tags.
That's exactly what I am trying to do. Creating a tag from sender. I can
create a template and put the text I want but I can't find through the docs
how to extract this as a tag.
I have something like this in my client:
$template lala,"%syslogtag% HOST_ID %msg%"
My problem is I would like to parse this HOST_ID as a tag but I couldn't
find how so I am using a regular expression on the server to do this. This
HOST_ID is always 01-(+7 alphanumeric characters).
$Template Dyn_messages, "/var/log/%msg:R,ERE,0,DFLT:01\-[0-9A-Z]{7}--end%/messages"
and I would like to replace for something like
$Template Dyn_messages, "/var/log/%HOST_ID%/messages"
right now you have two choices.
1. put the HOST_ID in place of the servername in your template so that it
gets parsed as %hostname%
2. use version 6 with either the project lumberjack parsing of JSON
messages or the mmnormalize module to create custom tags.
how many different types of tags are you talking about here? is it a
handful (where you could create specific rules for each tag)? or are there
a lot (where you really need to use the dynafile to create all the
destination directories)
There will be a lot. This is a project for launching nodes in the cloud.
In that case, you probably want to go with the version 6.3+ stuff that
lets you create custom tags by either parsing JSON formatted messages or
with the mmnormalize module
David Lang
Thanks a lot,
Xavi
David Lang
On Thu, 17 May 2012, Xavier Fustero wrote:
Date: Thu, 17 May 2012 09:52:38 +0200
From: Xavier Fustero <[email protected]>
Reply-To: rsyslog-users <[email protected]>
To: [email protected]
Subject: [rsyslog] Replacing regular expression for particular tag
Hi,
I want to ask what would be the best way to implement the following. I have
several nodes identified with a particular ID (e.g: 01-9291212,
01-823HHK1). Those servers send their logs to a central rsyslog server
(RELP + stunnel). I want to create a directory entry on the server with
this ID name. Like rsyslog-server:/var/logs/01-9291212,
/var/logs/01-823HHK1 and so on.
My first attempt was to create a template on the client side and add this
ID manually
$template ID,"%TIMESTAMP% %HOSTNAME% %syslogtag% %syslogfacility-text% %syslogseverity-text% *ID: 01-XXXXXXX* %syslogtag% %msg%\n"
*.* :omrelp:127.0.0.1:port_number;ID
On the server side, I have created a regular expression to match a string
like 01-([0-9A-Za-a]{7} (my ID's format) and created dynamic templates for
each particular log: messages, maillog, cron, secure, etc.
E.g.:
$Template Dyn_messages, "/var/log/%msg:R,ERE,0,DFLT:01\-[0-9A-Z]{7}--end%/messages"
$template Dyn_cron,"/var/log/%msg:R,ERE,0,DFLT:01\-[0-9A-Z]{7}--end%/cron"
...
I have a sequence of if/else where depending on facilities it sends to one
or another dynamic template. However, I would like to replace regular
expression for something like a %my_particular_tag%. I can't see the way I
can create this particular tag. They seem to be hardcoded. I also try to
modify property names (hostname,syslogtag,etc) and replace it for a
completely new name (my ID) but I can't find how to do this.
%propname:fromChar:toChar:options:fieldname% doesn't seem to allow
this.
I would like to get rid of regular expressions. They have an impact in
performance and complicate my templates on the server side. They also
created the directory **NO MATCH** which I would like to avoid. Using
tags, templates on server side would be something like:
$Template Dyn_messages, "/var/log/%mytag%/messages"
...
Does anybody know how to do this?
Thanks in advance,
Xavi
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
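
The first option from the reply above (sending the node ID in the hostname position so the server reads it as %hostname%), written out as an added example that is not from the thread or from the rsyslog project. The template name IDasHost is hypothetical, 01-XXXXXXX and port_number are the placeholders used in the thread, and the RELP input on the server is assumed to be configured already.

```conf
# ---- client (each node), legacy rsyslog syntax ----
# Constructed example. 01-XXXXXXX stands for this node's ID and port_number
# for the local stunnel port, both as written in the thread.
$ModLoad omrelp

# Same layout as the traditional forwarding format, except that the node ID
# is written where the receiver expects the hostname field.
$template IDasHost,"<%PRI%>%TIMESTAMP% 01-XXXXXXX %syslogtag:1:32%%msg:::sp-if-no-1st-sp%%msg%"
*.* :omrelp:127.0.0.1:port_number;IDasHost

# ---- central server ----
# %hostname% now carries the node ID, so the path needs no regular
# expression and the regex fallback directory "**NO MATCH**" cannot appear.
# The value still comes from the sender, so secpath-drop removes any "/"
# from it before it becomes part of a file name.
$template Dyn_messages,"/var/log/%hostname:::secpath-drop%/messages"
$template Dyn_cron,"/var/log/%hostname:::secpath-drop%/cron"

# One filter per log type, as in the original if/else chain.
if $syslogfacility-text == 'cron' then ?Dyn_cron
& ~
*.* ?Dyn_messages
```

The node's real hostname is no longer carried in the hostname field with this layout; if it is still needed, it has to be added to the message text on the client.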