On Thu, 24 May 2012, Xavier Fustero wrote:

Hi,

Inline ...



On 23 May 2012 20:41, <[email protected]> wrote:

On Wed, 23 May 2012, Xavier Fustero wrote:

 Hi,

On 17 May 2012 22:50, <[email protected]> wrote:

 There are some new features in version 6 that will allow you to create your own tags (either the liblognorm stuff or the project lumberjack stuff)


thanks. I will check if it makes sense for us to move to version 6.




you can't modify any existing tags once the log is received, but you could change the sender to put a tag in the right place so that it will get parsed by the central server as one of those tags.


That's exactly what I am trying to do. Creating a tag from sender. I can create a template and put the text I want but I can't find through the docs how to extract this as a tag.

I have something like this in my client: $template lala,"%syslogtag% HOST_ID %msg%"

My problem is I would like to parse this HOST_ID as a tag but I couldn't find how so I am using a regular expression on the server to do this. This HOST_ID is always 01-(+7 alphanumeric characters).

$Template Dyn_messages, "/var/log/%msg:R,ERE,0,DFLT:01\-[0-9A-Z]{7}--end%/messages"

and I would like to replace for something like

$Template Dyn_messages, "/var/log/%HOST_ID%/messages"


right now you have two choices.

1. put the HOST_ID in place of the servername in your template so that it gets parsed as %hostname%


Correct me if I am wrong. Do you mean I should change something like (in the client):

$template hostID,"%TIMESTAMP% *%HOSTNAME%* %syslogtag% %syslogfacility-text% %syslogseverity%  %msg%\n"

to

$template hostID,"%TIMESTAMP% *01-1V8IMU1* %syslogtag% %syslogfacility-text% %syslogseverity%  %msg%\n" ?

...

*.* :omrelp:127.0.0.1:20500;hostID


and then, in the server, I will be able to replace the regular expression

$Template Dyn_messages, "/var/log//xavi/%msg:R,ERE,0,DFLT:01\-[0-9A-Z]{7}--end%/messages"

for

$Template Dyn_messages, "/var/log/xavi/%HOSTNAME%/messages" ?

Yes. Or more precisely, almost: the template should have <%PRI%> before the timestamp when forwarding.

I don't understand how rsyslog from server knows %HOSTNAME% is the tag I hardcoded in the client template.

The receiving syslog daemon parses the inbound message according to the RFC standards. These say that the string after the timestamp is the hostname. It doesn't know if it's really the hostname or not (the sender can lie, as I am suggesting that you do in this case), but it assumes that it is the hostname and puts it in the hostname property.

David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
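
The parsing behaviour described in the last reply, as an added example that is not part of the thread and is not rsyslog code: a receiver takes whatever token follows the timestamp as the hostname, so a server that builds a directory from it should first check it against the HOST_ID format given in the thread. The `_unverified` directory, the strict handling of a missing `<PRI>` and the sample lines are assumptions of this sketch.

```python
import re
from pathlib import PurePosixPath

# RFC 3164 layout: <PRI>TIMESTAMP HOSTNAME TAG: MSG
RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<hostname>\S+) "
    r"(?P<rest>.*)$"
)
HOST_ID = re.compile(r"01-[0-9A-Z]{7}")   # format stated in the thread
BASE = PurePosixPath("/var/log/xavi")     # base directory from the thread
FALLBACK = "_unverified"                  # hypothetical catch-all directory


def parse(line):
    """Split a forwarded line; the hostname is taken purely by position."""
    m = RFC3164.match(line)
    if not m or int(m["pri"]) > 191:      # this sketch requires a valid <PRI>
        return None
    pri = int(m["pri"])
    return {"facility": pri >> 3, "severity": pri & 7,
            "hostname": m["hostname"], "rest": m["rest"]}


def dyn_path(line):
    """Build the per-host file path, trusting the field only if it is a HOST_ID."""
    fields = parse(line)
    host = fields["hostname"] if fields else ""
    # The sender chooses this string, so allowlist it before it becomes a path.
    directory = host if HOST_ID.fullmatch(host) else FALLBACK
    return str(BASE / directory / "messages")


# Constructed sample lines, not captured traffic.
SAMPLES = [
    "<13>May 24 10:15:02 01-1V8IMU1 app[123]: service started",  # HOST_ID in hostname slot
    "<13>May 24 10:15:03 web01 app[123]: service started",       # real hostname, not a HOST_ID
    "May 24 10:15:04 01-1V8IMU1 app: template without <%PRI%>",  # missing PRI
    "<13>May 24 10:15:05 not/a/host-id app: malformed field",    # contains a path separator
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(dyn_path(sample), "<-", sample)
```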
