So I figured out part of the problem. The variable has to be defined in the Ruleset being used to process the messages.
So that's addressed. However I've found a new issue. As soon as I moved the variable creation into the correct location I started getting this: 3492.840094704:7fbf7f765700: ruleset.ProcessMsg() returns 0 3492.840100704:7fbf7f765700: regular consumer finished, iret=0, szlog 3 sz phys 5 3492.840106974:7fbf7f765700: DeleteProcessedBatch: we deleted 2 objects and enqueued 0 objects 3492.840112456:7fbf7f765700: doDeleteBatch: delete batch from store, new sizes: log 3, phys 3 3492.840119146:7fbf7f765700: processBatch: batch of 3 elements must be processed 3492.840125073:7fbf7f765700: scriptExec: batch of 3 elements, active (nil), active[0]:1 3492.840130480:7fbf7f765700: SET $!logtype = 3492.840139655:7fbf7f765700: function 're_extract' (id:8, params:5) 3492.840152719:7fbf7f765700: var '$msg' 3492.840163251:7fbf7f765700: string '^([A-Za-z0-9._-]+)\|([A-Za-z0-9._-]+)\|([A-Za-z0-9.]+)[-_]*([A-Za-z0-9_]*)[_-]*[a-zA-Z0-9_-]*([\^])' 3492.840177493:7fbf7f765700: 1 3492.840189200:7fbf7f765700: 0 3492.840199779:7fbf7f765700: string 'Unknown' 3492.840212766:7fbf7f765700: END SET 3492.840221553:7fbf7f765700: eval expr 0x22e7550, type 'F[70]' 3492.840227071:7fbf7f765700: rainerscript: executing function id 8 3492.840231980:7fbf7f765700: eval expr 0x22e4b60, type 'V[86]' 3492.840238303:7fbf7f765700: rainerscript: var '$msg': 'error during parsing file /etc/rsyslog.d/rsyslog-port21516.conf, on or before line 89: errors occured in file '/etc/rsyslog.d/rsyslog-port21516.conf' around line 89 [try http://www.rsyslog.com/e/2207 ]' 3492.840247125:7fbf7f765700: eval expr 0x22e4ba0, type 'N[78]' 3492.840251684:7fbf7f765700: eval expr 0x22e7450, type 'N[78]' 3492.840273716:7fbf7f765700: re_extract: regexec return is 1 3492.840279603:7fbf7f765700: re_extract: regex: end search, found 0 3492.840284018:7fbf7f765700: eval expr 0x22e7490, type 'S[83]' /bin/bash: line 1: 8940 Segmentation fault (core dumped) /sbin/rsyslogd -f /etc/rsyslog.d/rsyslog-port21516.conf -i /var/run/rsyslogd-port21516.pid -dn -- James -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Rainer Gerhards Sent: Thursday, September 19, 2013 8:04 AM To: rsyslog-users Subject: Re: [rsyslog] Local Variables Usage Question On Thu, Sep 19, 2013 at 3:00 PM, Boylan, James <[email protected]>wrote: > Interesting. > > 5432.930238294:7fb519873740: SET $!logtype = > 5432.930240993:7fb519873740: function 're_extract' (id:8, params:5) > 5432.930248315:7fb519873740: var '$msg' > 5432.930254522:7fb519873740: string > '^([A-Za-z0-9._-]+)\|([A-Za-z0-9._-]+)\|([A-Za-z0-9.]+)[-_]*([A-Za-z0-9_]*)[_-]*[a-zA-Z0-9_-]*([\^])' > 5432.930262987:7fb519873740: 1 > 5432.930268929:7fb519873740: 0 > 5432.930274860:7fb519873740: string 'Unknown' > 5432.930282966:7fb519873740: END SET > > Does this mean it is not resolving the $msg to the string to be > parsed? I know the end result is: > > No - also I think this is output from the optimizer step, isn't it. There it tells what the ruleset looks like (note that $msg is a var-type whereas "Unknown" is a constant string. > set $!logtype = re_extract($msg, > '^([A-Za-z0-9._-]+)\\|([A-Za-z0-9._-]+)\\|([A-Za-z0-9.]+)[-_]*([A-Za-z > 0-9_]*)[_-]*[a-zA-Z0-9_-]*([\\^])', > 1, 0, 'Unknown'); > > when used here: > $template > currAppLogDynFile,"/log/app-logs/%msg:R,ERE,1,DFLT:^([A-Za-z0-9._-]+)\|.*[\^]--end%/%FROMHOST%/%$YEAR%/%$MONTH%/%$DAY%/%msg:R,ERE,1,DFLT:^([A-Za-z0-9._-]+)\|.*[\^]--end%-%msg:R,ERE,1,DFLT:^.*\|([A-Za-z0-9._-]+)\|.*[\^]--end%-%msg:R,ERE,1,DFLT:^.*\|.*\|([A-Za-z0-9.]+)[-_]*.*[\^]--end%-%$!logtype%.log.%$HOUR%00--test" > > Results with the %$!logtype% resolving as nothing. It doesn't even > resolved to Unknown as I would have expected. > > Hard to tell without the full flow. Can you post the full debug log (e.g. via pastebin)? Rainer _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT. _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
