On Wed, Nov 4, 2015 at 4:51 PM, David Lang <[email protected]> wrote: > On Wed, 4 Nov 2015, Gareth Allen wrote: > >> Hi all >> >> I'm currently putting together a central log server, however there are >> a few caveats that I'm trying to work around. >> >> 1. Logs need to be organised by program and environments. >> Unfortunately I can't pass a second syslogtag so I'll need to do >> some hostname matching. >> but this will be come quite "static". We create environments quite >> regularly therefore I'd like to avoid this if possible. > > > one way to deal with this problem is to change the rsyslog senders to wrap > the message in JSON so that you can add whatever additional tags you want > (such as environment), see the thread a few days ago with the subject > "Adding properties to a received log entry"
I'll take a look at that, thanks. > >> 2. I need to strip out the tag and the hostname from the logs. > > > when you say "strip out" do you mean that the logss should no longer contain > that data? or that you want to make use of that data in other ways (which I > would call 'extracting' the data rather than 'stipping out' the data) I need to strip out the hostname and tag as these variables are being appended to the beginning of the log line. > if you want to write the log without that data, you need to create a > template to use for writing the log that doesn't contain those variables. > >> The ideal layout would be something like: >> "/var/log/remote/dev/httpd/%hostname%/access_log_%$YEAR%-%$MONTH%-%$DAY%" > > > look at the docs for omfile, specifically at the dynafile template option. > It exists for exactly this sort of task. > > David Lang > > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com/professional-services/ > What's up with rsyslog? Follow https://twitter.com/rgerhards > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of > sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T > LIKE THAT. _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
