I am working on a similar problem. Trying to get rsyslog to output to SEC based on hostname regexes. I posted on the forum about this issue. http://kb.monitorware.com/post23524.html
Rainer responded and said it looked like too old of a version. Anyone know what version I need to get this up and running? Or anyone have any success running rsyslogv7 on ubuntu natty? My systems guys are supposed to upgrade me to precise, but they're really busy and this is blocking me from moving onto the next step :( On Wed, 19 Jun 2013, Radu Gheorghe wrote: > Hi Risto, > > Yes, I've used omprog and it's a good temporary solution :) There are > two things I've bumped into: > - performance. If you can develop (or pay Adiscon to develop) a > rsyslog output plugin that can do what your external program does, it > will probably be way faster. Because it can make use of rsyslog's > features, like having multiple threads or processing logs in batches > - reliability. omprog will restart your external program if it goes > down for any reason. But your external program needs to ingest > messages quickly, otherwise the pipe will get full (and it's 4-64K, it's not clear to me. > Tiny, anyway). At that point you will lose messages. You should not loose any logs until the main queue in rsyslog fills up, and even then you should only loose logs if they are sent to you via UDP. Were you seeing something else? David Lang > I'd say omprog is good if you don't care very much about those two. If > you do, I'd either look at a new plugin or at writing to a file and > picking up those logs from a file (or distributed file system?). > Writing to a file opens another can of worms (like, your app has to > know where it left off when it restarts), but at least you have a beefy buffer. > > > 2013/6/19 Risto Vaarandi <[email protected]> > >> hi all, >> I was wondering what would be the best way to run an external program >> from rsyslogd, so that the program's stdin would be connected to >> rsyslogd over a pipe. >> >> From the rsyslogd docs, I've found the omprog module as one possible >> solution. For example, the following statements >> >> $ModLoad omprog >> $ActionOMProgBinary /root/test.sh >> *.* :omprog: >> >> run /root/test.sh from rsyslogd and feed all log messages to the >> standard input of /root/test.sh. >> >> My question is -- are there any other (or better) ways for achieving >> the same setup? >> >> (Of course, one obvious way would be to use a named pipe for >> communication.) >> >> kind regards, >> risto >> ______________________________**_________________ >> rsyslog mailing list >> http://lists.adiscon.net/**mailman/listinfo/rsyslog<http://lists.adis<http://lists.adiscon.net/**mailman/listinfo/rsyslog%3chttp:/lists.adis> >> con.net/mailman/listinfo/rsyslog> >> http://www.rsyslog.com/**professional-services/<http://www.rsyslog.co<http://www.rsyslog.com/**professional-services/%3chttp:/www.rsyslog.co> >> m/professional-services/> What's up with rsyslog? Follow >> https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing >> list, posts are ARCHIVED by a myriad of sites beyond our control. >> PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT. >> > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com/professional-services/ > What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE > WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT. > _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT. _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
