Re: [rsyslog] Logging 'msg' only

Fri, 11 Apr 2014 12:00:49 -0700

try starting rsyslog with -dn to see the startup debug messages. I'll bet that there's something that it's not happy with in the config syntax and that's casusing something to fail
one note, you don't need the - everything in rsyslog is async unless you go to a lot of trouble to force it otherwise. 

David Lang

On Fri, 11 Apr 2014, Steve Dainard wrote:


Date: Fri, 11 Apr 2014 14:31:47 -0400
From: Steve Dainard <[email protected]>
Reply-To: rsyslog-users <[email protected]>
To: [email protected]
Subject: [rsyslog] Logging 'msg' only

Hello list,

I have a couple cisco routers sending sip message debug information to an
rsyslog server running on Centos 6.5.

I've setup the following template to separate out the logging files:

$template DynaFile,"/var/log/%HOSTNAME%.log"
*.* -?DynaFile

$template MsgFormat,"%msg%\n"

if $fromhost-ip == '10.0.250.4' then -?DynaFile;MsgFormat
if $fromhost-ip == '10.1.1.6' then -?DynaFile;MsgFormat

With these templates the output from the router is formatted as such (note
date/timestamp/hostname):

Apr 11 14:17:28 10.0.250.4 : //-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg:
//-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg:
Apr 11 14:17:28 10.0.250.4 : Received:
Apr 11 14:17:28 10.0.250.4 : INVITE sip:[email protected]:5060SIP/2.0#015
Apr 11 14:17:28 10.0.250.4 : Via: SIP/2.0/TCP 10.0.6.30:5060
;branch=z9hG4bK371ba1ab73caa#015
Apr 11 14:17:28 10.0.250.4 : From: "User Name" <sip:[email protected]

;tag=319318~d732e07f-799a-4d2b-9d6a-ae2aaf54507d-19889474#015

Apr 11 14:17:28 10.0.250.4 : To: <sip:[email protected]>#015
Apr 11 14:17:28 10.0.250.4 : Date: Fri, 11 Apr 2014 18:18:12 GMT#015
Apr 11 14:17:28 10.0.250.4 : Call-ID:
[email protected]#015
Apr 11 14:17:28 10.0.250.4 : Supported: timer,resource-priority,replaces#015
Apr 11 14:17:28 10.0.250.4 : Min-SE:  1800#015
Apr 11 14:17:28 10.0.250.4 : User-Agent: Cisco-CUCM9.1#015
Apr 11 14:17:28 10.0.250.4 : Allow: INVITE, OPTIONS, INFO, BYE, CANCEL,
ACK, PRACK, UPDATE, REFER, SUBSCRIBE, NOTIFY#015
Apr 11 14:17:28 10.0.250.4 : CSeq: 101 INVITE#015
Apr 11 14:17:28 10.0.250.4 : Expires: 180#015
Apr 11 14:17:28 10.0.250.4 : Allow-Events: presence#015
Apr 11 14:17:28 10.0.250.4 : Supported:
X-cisco-srtp-fallback,X-cisco-original-called#015
Apr 11 14:17:28 10.0.250.4 : Cisco-Guid:
2734542720-0000065536-0000042552-0503709706#015
Apr 11 14:17:28 10.0.250.4 : Session-Expires:  1800#015
Apr 11 14:17:28 10.0.250.4 : P-Asserted-Identity: "User Name" <
sip:[email protected]>#015
Apr 11 14:17:28 10.0.250.4 : Remote-Party-ID: "User Name" <
sip:[email protected]>;party=calling;screen=yes;privacy=off#015
Received:
INVITE sip:[email protected]:5060 SIP/2.0#015
Via: SIP/2.0/TCP 10.0.6.30:5060;branch=z9hG4bK371ba1ab73caa#015
From: "User Name" <sip:[email protected]

;tag=319318~d732e07f-799a-4d2b-9d6a-ae2aaf54507d-19889474#015

To: <sip:[email protected]>#015
Date: Fri, 11 Apr 2014 18:18:12 GMT#015
Call-ID: [email protected]#015
Supported: timer,resource-priority,replaces#015
Min-SE:  1800#015
User-Agent: Cisco-CUCM9.1#015
Allow: INVITE, OPTIONS, INFO, BYE, CANCEL, ACK, PRACK, UPDATE, REFER,
SUBSCRIBE, NOTIFY#015
CSeq: 101 INVITE#015
Expires: 180#015
Allow-Events: presence#015
Supported: X-cisco-srtp-fallback,X-cisco-original-called#015
Cisco-Guid: 2734542720-0000065536-0000042552-0503709706#015
Session-Expires:  1800#015
P-Asserted-Identity: "User Name" <sip:[email protected]>#015
Remote-Party-ID: "User Name" <sip:[email protected]

;party=calling;screen=yes;privacy=off#015

Apr 11 14:17:28 10.0.250.4 : Contact: <sip:[email protected]:5060
;transport=tcp>#015
Apr 11 14:17:28 10.0.250.4 : Max-Forwards: 70#015
Apr 11 14:17:28 10.0.250.4 : Content-Length: 0#015
Apr 11 14:17:28 10.0.250.4 : #015
Apr 11 14:17:28 10.0.250.4 : //6161/A2FDCF800000/SIP/Msg/ccsipDisplayMsg:

And I want it to look like this (no date/timestamp/hostname):

//-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg:
//-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg:
Received:
INVITE sip:[email protected]:5060 SIP/2.0#015
Via: SIP/2.0/TCP 10.0.6.30:5060;branch=z9hG4bK371ba1ab73caa#015
From: "User Name" <sip:[email protected]

;tag=319318~d732e07f-799a-4d2b-9d6a-ae2aaf54507d-19889474#015

To: <sip:[email protected]>#015
Date: Fri, 11 Apr 2014 18:18:12 GMT#015
Call-ID: [email protected]#015
Supported: timer,resource-priority,replaces#015
Min-SE:  1800#015
User-Agent: Cisco-CUCM9.1#015
Allow: INVITE, OPTIONS, INFO, BYE, CANCEL, ACK, PRACK, UPDATE, REFER,
SUBSCRIBE, NOTIFY#015
CSeq: 101 INVITE#015
Expires: 180#015
Allow-Events: presence#015
Supported: X-cisco-srtp-fallback,X-cisco-original-called#015
Cisco-Guid: 2734542720-0000065536-0000042552-0503709706#015
Session-Expires:  1800#015
P-Asserted-Identity: "User Name" <sip:[email protected]>#015
Remote-Party-ID: "User Name" <sip:[email protected]

;party=calling;screen=yes;privacy=off#015

Received:
INVITE sip:[email protected]:5060 SIP/2.0#015
Via: SIP/2.0/TCP 10.0.6.30:5060;branch=z9hG4bK371ba1ab73caa#015
From: "User Name" <sip:[email protected]

;tag=319318~d732e07f-799a-4d2b-9d6a-ae2aaf54507d-19889474#015

To: <sip:[email protected]>#015
Date: Fri, 11 Apr 2014 18:18:12 GMT#015
Call-ID: [email protected]#015
Supported: timer,resource-priority,replaces#015
Min-SE:  1800#015
User-Agent: Cisco-CUCM9.1#015
Allow: INVITE, OPTIONS, INFO, BYE, CANCEL, ACK, PRACK, UPDATE, REFER,
SUBSCRIBE, NOTIFY#015
CSeq: 101 INVITE#015
Expires: 180#015
Allow-Events: presence#015
Supported: X-cisco-srtp-fallback,X-cisco-original-called#015
Cisco-Guid: 2734542720-0000065536-0000042552-0503709706#015
Session-Expires:  1800#015
P-Asserted-Identity: "User Name" <sip:[email protected]>#015
Remote-Party-ID: "User Name" <sip:[email protected]

;party=calling;screen=yes;privacy=off#015

Contact: <sip:[email protected]:5060;transport=tcp>#015
Max-Forwards: 70#015
Content-Length: 0#015
#015
//6161/A2FDCF800000/SIP/Msg/ccsipDisplayMsg:


From what I've read $template MsgFormat,"%msg%\n" should work, so I'm a bit
confused.

If I comment out #$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
the formatting is:

2014-04-11T14:25:20.296816-04:00 10.0.250.4 : a=rtpmap:0 PCMU/8000#015
2014-04-11T14:25:20.296816-04:00 10.0.250.4 : a=ptime:20#015
2014-04-11T14:25:20.296816-04:00 10.0.250.4 : a=rtpmap:101
telephone-event/8000#015
2014-04-11T14:25:20.296816-04:00 10.0.250.4 : a=fmtp:101 0-15#015

So its definitely rsyslog formatting, not the client side.

Any help is appreciated, thanks.



*Steve*
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.


_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.






















					Reply via email to