what facility and severity do the immark messages show up as?
immark just generates messages, normal filtering rules determine where theya re
sent, and the transport used (in this case RELP) has no effect on if they are
sent or not, it's all in the filters.
David Lang
On Thu, 12 Dec 2013, Erik Steffl wrote:
Date: Thu, 12 Dec 2013 02:30:52 -0800
From: Erik Steffl <[email protected]>
Reply-To: rsyslog-users <[email protected]>
To: rsyslog-users <[email protected]>
Subject: [rsyslog] immark - how to use with action(...)
How would I use immark to send mark messages for defined actions that use
omrelp?
I have tried something like this:
$ModLoad immark.so
$MarkMessagePeriod 60
if(..)
if
prifilt("local0.*") or
prifilt("local1.*") or
prifilt("local2.*") or
prifilt("local3.*") or
prifilt("local4.*") or
prifilt("local5.*") or
prifilt("local6.*") or
prifilt("local7.*")
then {
action(type="mmjsonparse")
if $parsesuccess == "OK" then {
action(
type="omrelp"
target="someHost"
port="5140"
template="json"
# see http://www.rsyslog.com/doc/node32.html
# disk used if forwarding blocked
queue.filename="json"
queue.maxdiskspace="75161927680" # 70GB (valuable data)
action.writeAllMarkMessages="on"
)
} else {
...
}
I see --MARK-- messages in /var/log/syslog and /var/log/kern.log but they are
not send by omrelp action (the action works fine, normal messages are going
through).
Verified where the --MARK-- messages are going using strace so pretty sure
they are only going to those two local files, nothing goes over RELP. Also
checked on the receiving side of RELP, no incoming messages have --MARK-- in
them. And the connection goes down which is also very strong indicator that
there are no --MARK-- messages.
How do I configure it so that the --MARK-- messages are send over RELP
protocol to someHost (over same TCP connection that the given action uses,
it's for purpose to keep alive the connection since RELP does not support
KeepAlive (yet, Rainer just added it to master, thanks!))
This is on Ubuntu 13.10 using rsyslog 7.5.6, librelp 1.2.0 from adiscon repo.
Thanks!
erik
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T
LIKE THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
