On Tue, 15 Oct 2013, Jean-Luc Bassereau wrote:
Hello,
With my old settings, filtering was dons very randomly. Whereas it works as
expected with thé new rules. Is there a debug mode so that I coule exactly
tell you what happened ?
if you start rsyslog with -dn it spews out a TON of debug data (far more than
you need)
examples of log messages and info on where they end up is probably your best
bet.
your original config was:
if $msg contains 'ITEM1' then @(z9)graylog-server:514
if $msg contains 'ITEM2' then @(z9)graylog-server:514
I'm not familiar with what you are meaning to do with (z9).
with the new way of doing the filter
:$msg, contains 'ITEM1' then @graylog-server:514
:$msg, contains 'ITEM2' then @graylog-server:514
I think you have an error here, I think the correct syntax would be
:$msg, contains, 'ITEM1' @graylog-server:514
:$msg, contains, 'ITEM2' @graylog-server:514
note the extra , and the missing 'then'
David Lang
Regards.
Le 15 oct. 2013 19:54, "David Lang" <[email protected]> a écrit :
On Tue, 15 Oct 2013, Jean-Luc Bassereau wrote:
Hi,
I've upgraded an old version (v3) to the lastest available to me :
rsyslog-7.4.4-2
But now, I'm having troubles with my filters.
Here's my layout :
I want rsyslog to parse log files and send the event to a remote graylog2
server if the message contains something.
It used to work on my old rsyslog v3 with this kind of conf :
$ModLoad imfile
$InputFileName /some_place/to/the/logfile
$InputFileTag logfile-trace:
$InputFileStateFile stat-logifile-servername.log
$InputRunFileMonitor
if $msg contains 'ITEM1' then @(z9)graylog-server:514
if $msg contains 'ITEM2' then @(z9)graylog-server:514
As I've notices this kind of syntax is not anymore working.
I've tried to translate it into v7 this way :
the old syntax should continue to work, what error are you getting?
David Lang
$ModLoad imfile
$InputFileName /some_place/to/the/logfile
$InputFileTag logfile-trace:
$InputFileStateFile stat-logifile-servername.log
$InputRunFileMonitor
:$msg, contains 'ITEM1' then @graylog-server:514
:$msg, contains 'ITEM2' then @graylog-server:514
But, this is not working as I would like it to.
Messages seem to be forwarded randomly (at least they are not following
the
rules I'd like them to do...)
Any idea on my problem ?
______________________________**_________________
rsyslog mailing list
http://lists.adiscon.net/**mailman/listinfo/rsyslog<http://lists.adiscon.net/mailman/listinfo/rsyslog>
http://www.rsyslog.com/**professional-services/<http://www.rsyslog.com/professional-services/>
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
