Hi Clif, If I understand correctly, this means you have to change the syslogtag of messages coming to local5. Judging from this article, I don't think you can: http://www.rsyslog.com/how-to-set-variables-in-rsyslog-v7/
2013/10/2 Clif Smith <[email protected]> > I'm wanting to direct logs coming from Elasticsearch to the appropriate > destination, locally and on my central log server. Unfortunately, within > Elasticsearch, I don't see a way to set anything other than the log > facility. I'm running rsyslogd v5.8.6, the latest supported by Ubuntu > 12.04. Nothing on my Elasticserach servers is logging to local5. Would it > be possible to set the syslogtag (or program name) for anything logging > with local5? If so, my existing rsyslog rules would log it to the correct > destination both locally and remotely. I realize I could use a template to > set the destination on both the local and central servers if local5, > however I'd rather not do that should something else now or in the future > log at local5 without me realizing it. > > > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com/professional-services/ > What's up with rsyslog? Follow https://twitter.com/rgerhards > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > DON'T LIKE THAT. > _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
