On Wed, 4 Nov 2015, Gareth Allen wrote:
Hi all
I'm currently putting together a central log server, however there are
a few caveats that I'm trying to work around.
1. Logs need to be organised by program and environments.
Unfortunately I can't pass a second syslogtag so I'll need to do
some hostname matching.
but this will be come quite "static". We create environments quite
regularly therefore I'd like to avoid this if possible.
one way to deal with this problem is to change the rsyslog senders to wrap the
message in JSON so that you can add whatever additional tags you want (such as
environment), see the thread a few days ago with the subject "Adding properties
to a received log entry"
2. I need to strip out the tag and the hostname from the logs.
when you say "strip out" do you mean that the logss should no longer contain
that data? or that you want to make use of that data in other ways (which I
would call 'extracting' the data rather than 'stipping out' the data)
if you want to write the log without that data, you need to create a template to
use for writing the log that doesn't contain those variables.
The ideal layout would be something like:
"/var/log/remote/dev/httpd/%hostname%/access_log_%$YEAR%-%$MONTH%-%$DAY%"
look at the docs for omfile, specifically at the dynafile template option. It
exists for exactly this sort of task.
David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
