On Wed, Oct 16, 2013 at 8:10 AM, Xuri Nagarin <[email protected]> wrote:
> Hi, > > I have a feature request for tagging rules such that the tags appear in the > output of impstats module. > > can you pls be a bit more precise what exactly you understand under "tagging rules". Can you provide a sample? > The use case is that I want to parse rsyslog stats to tabulate and trend > messages parsed by each rule. Since each rule processes a certain app-type > in my environment, by tracking traffic per rule, I can keep a tab on volume > flow for each app-type. > > Example, if a rule picks up "sshd" events and writes them to disk then I > would like to measure how many "sshd" events are processed every 10 minutes > or every hour. > > Since, for me, rsyslog is a transport mechanism (I store only an hour's > worth of logs on the syslog server, hadoop is the permanent storage), I can > them compare stats from rsyslog and hadoop to ensure proper data delivery > without loss. > > Today, impstats lists an "Action" number for each rule but if I add/insert > more rules then mapping of Action-number to app-type can go awry. So a rule > tag would help keep track of stats in a more readable way. > > If you name the action, the action name is used instead of the number (actually, rsyslog names actions as ActionX if no name is given). It may be that this is a relatively recent capability, so you may want to check the ChangeLog. Rainer > Also, for failed/dropped events, a string tag would readily tell me what > app-type is causing issues. Right now, I have to map output of stats with > rsyslog config to figure out which Action-number corresponds with what > app-type/rule. > > TIA, > > Xuri > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com/professional-services/ > What's up with rsyslog? Follow https://twitter.com/rgerhards > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > DON'T LIKE THAT. > _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
