Hi, I have a feature request for tagging rules such that the tags appear in the output of impstats module.
The use case is that I want to parse rsyslog stats to tabulate and trend messages parsed by each rule. Since each rule processes a certain app-type in my environment, by tracking traffic per rule, I can keep a tab on volume flow for each app-type. Example, if a rule picks up "sshd" events and writes them to disk then I would like to measure how many "sshd" events are processed every 10 minutes or every hour. Since, for me, rsyslog is a transport mechanism (I store only an hour's worth of logs on the syslog server, hadoop is the permanent storage), I can them compare stats from rsyslog and hadoop to ensure proper data delivery without loss. Today, impstats lists an "Action" number for each rule but if I add/insert more rules then mapping of Action-number to app-type can go awry. So a rule tag would help keep track of stats in a more readable way. Also, for failed/dropped events, a string tag would readily tell me what app-type is causing issues. Right now, I have to map output of stats with rsyslog config to figure out which Action-number corresponds with what app-type/rule. TIA, Xuri _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
