1- I have installed mmjsonparse, mmnormalize and omelasticsearch with the
following command:
sudo apt-get install rsyslog-mmjsonparse rsyslog-omelasticsearch rsyslog-mmnormalize
Do I still need to compile rsyslog with
./configure --prefix=/usr --enable-imtcp --enable-mmjsonparse --enable-ommongodb
or not?
2- You mean the following set of instructions will help me? The things on the
left side are items in the log and the things on the right side are the fields
in Elasticsearch against which these values will be saved. Am I on the right
track?
ruleset(name="mongodb") {
    action(type="mmjsonparse")
    # How will this condition be OK, meaning what will be checked?
    if $parsesuccess == "OK" then {
        set $!time = $timestamp;
        set $!sys = $hostname;
        set $!procid = $syslogtag;
        set $!syslog_fac = $syslogfacility;
        set $!syslog_sever = $syslogpriority;
        set $!pid = $procid;
        action(type="ommongodb" server="127.0.0.1" db="logs"
               collection="syslog" template="mongodball")
    }
}
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog