On Tue, 5 Jun 2012, C. L. Martinez wrote:
On Tue, Jun 5, 2012 at 1:37 AM, <[email protected]> wrote:
On Mon, 4 Jun 2012, C. L. Martinez wrote:
On Mon, Jun 4, 2012 at 12:04 PM, C. L. Martinez <[email protected]> wrote:
On Mon, Jun 4, 2012 at 12:02 PM, <[email protected]> wrote:
what is the template that you tried, what did you expect to get and what
did you get instead.
It should be very straightforward to do what you are asking for (If I
understand it right), but more details would help identify the problem.
David Lang
I have tried this:
$template rfc5424fmt,"PROGRAM: my_logs <%PRI%>1 %TIMESTAMP:::date-rfc3339% %HOSTNAME% %APP-NAME% %PROCID% %MSGID% %STRUCTURED-DATA% %msg%\n"
Any help??
give people time to respond :-)
what do you get from this, and what are you expecting to get from this?
what version of rsyslog are you running?
you may want to try PROGRAMNAME instead of APP-NAME depending on what your
log source is.
I am trying to correlate logs from a JunOS device receiving logs in
structured format. Because JunOS doesn't send programname in logs
(and app-name shows me an empty field), I would like to assign a
programname before rsyslog sends JunOS logs to a central
syslog-ng/ossec server.
I am using rsyslog 4.x in a CentOS6 host ...
first off, rsyslog 4.x is very old, you should upgrade to at least 5.x, if
not 6.x. There is a lot of new stuff related to structured logging in 6.3.
back to your problem.
if you log something with the format RSYSLOG_Debug, you will see all the
fields that your version of rsyslog is decoding.
David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
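The rewrite discussed in this thread, as an added example that is not part of the original messages and is not rsyslog code: a Python sketch that parses an RFC 5424 header and fills in APP-NAME only when the sender left it as the nil value "-", so a downstream correlator can match on a program name. The sample line, the host name and the function names are constructed for illustration; `my_logs` is the name used in the template above.

```python
import re

# RFC 5424 header: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID, then
# STRUCTURED-DATA and the message text (kept together here as "rest").
HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ver>\d{1,2}) (?P<ts>\S+) (?P<host>\S+) "
    r"(?P<app>\S+) (?P<procid>\S+) (?P<msgid>\S+) (?P<rest>.*)$",
    re.DOTALL,
)
NIL = "-"  # RFC 5424 NILVALUE: the field is present but empty

# Constructed sample of a structured message whose APP-NAME is nil.
SAMPLE = ('<165>1 2012-06-04T12:02:11.123Z junos-fw1 - 1234 UI_LOGIN_EVENT '
          '[junos@2636.1.1.1.2.18 username="admin"] User admin logged in')


def parse_header(line):
    """Split an RFC 5424 line into its header fields, or raise ValueError."""
    m = HEADER.match(line)
    if m is None:
        raise ValueError("not an RFC 5424 message")
    fields = m.groupdict()
    pri = int(fields["pri"])
    if pri > 191:  # highest valid PRI: facility 23, severity 7
        raise ValueError("PRI out of range")
    fields["facility"], fields["severity"] = divmod(pri, 8)
    return fields


def set_app_name(line, app_name):
    """Return the line with APP-NAME set, but only if the sender left it nil."""
    # APP-NAME is 1 to 48 printable US-ASCII characters with no spaces.
    if not re.fullmatch(r"[\x21-\x7e]{1,48}", app_name):
        raise ValueError("invalid APP-NAME")
    f = parse_header(line)
    if f["app"] != NIL:
        return line  # keep a name the device did send
    f["app"] = app_name
    return "<{pri}>{ver} {ts} {host} {app} {procid} {msgid} {rest}".format(**f)


if __name__ == "__main__":
    print(set_app_name(SAMPLE, "my_logs"))
```

Running the sample through `parse_header` first shows which header position is empty, which is the same question the debug-format suggestion in the thread answers on the rsyslog side.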