On Tue, Jun 5, 2012 at 1:37 AM, <[email protected]> wrote: > On Mon, 4 Jun 2012, C. L. Martinez wrote: > >> On Mon, Jun 4, 2012 at 12:04 PM, C. L. Martinez <[email protected]> >> wrote: >>> >>> On Mon, Jun 4, 2012 at 12:02 PM, <[email protected]> wrote: >>>> >>>> what is the template that you tried, what did you expect to get and what >>>> did >>>> you get instead. >>>> >>>> It should be very straightforward to do what you are asking for (If I >>>> understand it right), but more details would help identify the problem. >>>> >>>> David Lang >>>> >>>> >>> >>> I have tried this: >>> >>> $template rfc5424fmt,"PROGRAM: my_logs <%PRI%>1 >>> %TIMESTAMP:::date-rfc3339% %HOSTNAME% %APP-NAME% %PROCID% %MSGID% >>> %STRUCTURED-DATA% %msg%\n" >> >> >> Any help?? > > > give people time to respone :-) > > what do you get from this, and what are you expecting to get from this? > > what version of rsyslog are you running? > > you may want to try PROGRAMNAME instead of APP-NAME depending on what your > log source is. >
I am trying to correlate logs from a JunOS device receiving logs in structured format. Because JunOS doesn't sends programname in logs (and app-name shows me an empty field), I would like to assign a programname before rsyslog sends JunOS logs to a central syslog-ng/ossec server. I am using rsyslog 4.x in a CentOS6 host ... Thanks. _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards
