On Wed, 23 Apr 2014, Brian Huntington wrote:
Hello again, David,
I have a number of applications whose Apache and ModSecurity log files are
tranferred to a central log server for consumption by a number of customers
through both manual and automated processes. The reason I'd like to leave
have the logs 'pure' on the log server is to simplify the parsing for my
group and enterprise customers.
It seems to me at this point, that I may need to approach this on the log
server (receiver) side with a pipe/transform. This is most likely not a
difficult thing to do, but I wanted to take advantage of native rsyslog
functionality for this purpose if it was available -- I'm lazy.
but what you need is the logs that are written on the server to be "pure", what
goes over the wire doesn't matter.
so remove the template definition on the client, let it continue to put the
other data in front of the message as it goes over the wire.
Then on the server, use your template to only write the msg part out to where
it's going to be analyzed.
you are trying to change things in the wrong place, and as a result you are
sending invalid messages over the network.
David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
