I have the following in a config
set $!trusted!edge!time = $timegenerated;
and the timegenerated property is documented to always be a high-res timestamp
however, what I'm getting in the resulting log (as part of $! output) is the
short rfc3164 timestamp format
input is 'logger testtest'
$template structured_forwarding,"<%pri%>%timereported% %hostname% %syslogtag%
%$!%\n"
resulting log message is:
<13>Jul 24 21:51:42 app-server dlang: { "msg": "testtest", "trusted": {
"origserver": "10.1.2.9", "edge": { "time": "Jul 24 14:51:42", "relay":
"dlang-desktop2", "input": "imudp" }, "environment": "sending network" } }
This is 7.5.2 from the adiscon hosted packages.
full rsyslog.conf file:
module(load="imuxsock" SysSock.Annotate="on" SysSock.ParseTrusted="on")
module(load="imklog")
module(load="imudp")
input(type="imudp" port="514")
module(load="imtcp" MaxSessions="1000")
input(type="imtcp" port="514")
module(load="mmjsonparse")
module(load="omrelp")
action(type="mmjsonparse")
if $fromhost-ip != "127.0.0.1" then {
set $!trusted!origserver = $fromhost-ip;
set $!trusted!edge!time = $timegenerated;
set $!trusted!edge!relay = $$myhostname;
set $!trusted!edge!input = $inputname;
} else {
set $!trusted!local!input = $inputname;
}
set $!trusted!environment = "sending network"; # this should be replaced with a
lookup table call when that feature is added.
$template structured_forwarding,"<%pri%>%%timereported:rfc3339% %hostname%
%syslogtag% %$!%\n"
/var/log/messages;structured_forwarding
David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
