Hey all,
My rsyslog config works 99% of the time – which is great but the 1% is annoying
me :-)
I have the following configuration:
$ModLoad immark # provides --MARK-- message capability
$ModLoad imuxsock # provides support for local system logging (e.g. via
logger command)
$ModLoad imsolaris # kernel logging (imklog or imsolaris)
$ModLoad omrabbitmq # provides rabbitmq output
$ModLoad imudp.so # provides UDP syslog reception
$ModLoad imfile # provides FILE input
$UDPServerRun 514 # start a UDP syslog server at standard port 514
# Save all messages to /var/log/syslog for debug purposes too
*.* /var/log/syslog
$template
malefantJSON,"{%timestamp:::date-rfc3339,jsonf:@timestamp%,%source:::jsonf:@source%,%source:::jsonf:@source_host%,\"@message\":\"%msg:::json%\",\"@fields\":{%syslogfacility-text:::jsonf:facility%,%syslogseverity-text:::jsonf:severity%,%app-name:::jsonf:program%,%procid:::jsonf:processid%}}"
$RepeatedMsgReduction off
*.* action(type="omrabbitmq"
host="10.250.76.69"
virtual_host="/"
user="pump"
password="dump"
exchange="syslog"
routing_key="syslog.all"
template="malefantJSON")
Everyone now and then I get a date stamp in my SOURCE or SOURCE_HOST fields.
That does not make sense to me! :-)
--
Khushil Dep - Infrastructure Lead
MailOnline
@khushil
______________________________________________________________________
This e-mail and any attached files are intended for the named addressee only.
It contains information, which may be confidential and legally privileged and
also protected by copyright. Unless you are the named addressee (or authorised
to receive for the addressee) you may not copy or use it, or disclose it to
anyone else. If you received it in error please notify the sender immediately
and then delete it from your system. Please be advised that the views and
opinions expressed in this e-mail may not reflect the views and opinions of
Associated Newspapers Limited or any of its subsidiary companies. We make every
effort to keep our network free from viruses. However, you do need to check
this e-mail and any attachments to it for viruses as we can take no
responsibility for any computer virus which may be transferred by way of this
e-mail. Use of this or any other e-mail facility signifies consent to any
interception we might lawfully carry out to prevent abuse of these facilities.
Associated Newspapers Ltd. Registered Office: Northcliffe House, 2 Derry St,
Kensington, London, W8 5TT. Registered No 84121 England.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
