On Wed, Nov 4, 2015 at 5:20 PM, Gareth Allen <[email protected]> wrote:
> On Wed, Nov 4, 2015 at 4:51 PM, David Lang <[email protected]> wrote:
>> On Wed, 4 Nov 2015, Gareth Allen wrote:
>>
>>> Hi all
>>>
>>> I'm currently putting together a central log server, however there are
>>> a few caveats that I'm trying to work around.
>>>
>>> 1. Logs need to be organised by program and environments.
>>> Unfortunately I can't pass a second syslogtag so I'll need to do
>>> some hostname matching.
>>> but this will become quite "static". We create environments quite
>>> regularly therefore I'd like to avoid this if possible.
>>
>>
>> one way to deal with this problem is to change the rsyslog senders to wrap
>> the message in JSON so that you can add whatever additional tags you want
>> (such as environment), see the thread a few days ago with the subject
>> "Adding properties to a received log entry"
>
> I'll take a look at that, thanks.
I've managed to start shipping my logs as json, but I'm battling to
get my head around the syntax. How would I pull out properties from
json?
On the client side:
$template enhanced,"{\"properties\":{\"programname\":\"%programname%\",\"hostname\":\"%hostname%\",\"environment\":\"dev\",\"time\":\"%timestamp:::date-rfc3339%\"},\"message\":{\"raw_msg\":\"%rawmsg%\"}}\n",json
On the server I'd like to use the environment variable to construct
the directory name
$template apache_error,"/var/log/remote/%environment%/httpd/%hostname%/error_log_%$YEAR%-%$MONTH%-%$DAY%"
I'm struggling with the %environment% part. I know it won't be a
system variable, however I'm not sure how to extract it from the json.
>>
>>> 2. I need to strip out the tag and the hostname from the logs.
>>
>>
>> when you say "strip out" do you mean that the logs should no longer contain
>> that data? or that you want to make use of that data in other ways (which I
>> would call 'extracting' the data rather than 'stripping out' the data)
>
> I need to strip out the hostname and tag as these variables are being
> appended to the beginning of the log line.
>
>> if you want to write the log without that data, you need to create a
>> template to use for writing the log that doesn't contain those variables.
>>
>>> The ideal layout would be something like:
>>> "/var/log/remote/dev/httpd/%hostname%/access_log_%$YEAR%-%$MONTH%-%$DAY%"
>>
>>
>> look at the docs for omfile, specifically at the dynafile template option.
>> It exists for exactly this sort of task.
>>
>> David Lang
>>
>> _______________________________________________
>> rsyslog mailing list
>> http://lists.adiscon.net/mailman/listinfo/rsyslog
>> http://www.rsyslog.com/professional-services/
>> What's up with rsyslog? Follow https://twitter.com/rgerhards
>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
>> sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T
>> LIKE THAT.
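An added example, not part of the original thread and not the rsyslog project's own configuration: one way to do on the server what the message above asks. It parses the shipped JSON with mmjsonparse and references the fields as `$!properties!...` in the dynafile template. The environment and hostname values are chosen by the sender and end up in a file path, so they are allow-listed first. The port, ruleset name, regexes and fallback file are assumptions, as is an mmjsonparse version that supports the `cookie` and `useRawMsg` parameters.

```conf
# Added example: server-side rsyslog config (RainerScript syntax).
module(load="imtcp")
module(load="mmjsonparse")

# Dynafile path built from fields of the parsed JSON. After mmjsonparse
# runs, {"properties":{"environment":"dev"}} is reachable as
# $!properties!environment (and %$!properties!environment% in templates).
template(name="apache_error" type="string"
         string="/var/log/remote/%$!properties!environment%/httpd/%$!properties!hostname%/error_log_%$YEAR%-%$MONTH%-%$DAY%")

# Write only the raw_msg field as shipped by the client template.
template(name="raw_only" type="string" string="%$!message!raw_msg%\n")

ruleset(name="remote") {
    # The client template sends bare JSON with no "@cee:" cookie and no
    # syslog header, so disable the cookie check and parse the raw message.
    action(type="mmjsonparse" cookie="" useRawMsg="on")

    # Both values are sender-controlled and become path components.
    # Accept only a single safe component each (assumed naming rules);
    # the leading-character class rejects "." and "..", and "/" is
    # never matched.
    if $parsesuccess == "OK"
       and re_match($!properties!environment, '^[a-z0-9][a-z0-9_-]*$')
       and re_match($!properties!hostname, '^[A-Za-z0-9][A-Za-z0-9._-]*$')
    then {
        action(type="omfile" dynaFile="apache_error" template="raw_only")
    } else {
        # Unparsable or unexpected values go to one fixed file for review
        # instead of creating attacker-named directories.
        action(type="omfile" file="/var/log/remote/_rejected.log")
    }
}

input(type="imtcp" port="514" ruleset="remote")
```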