On Thu, 10 Dec 2015, Muhammad Asif wrote:
> Dear Guys,
> I need help in two matters.
> 1- I am receiving logs from random multiple sources at about 20000 events
> per second. My requirement is to divide it into two parts and forward it to
> the next collector like logstash or fluentd on a different port or IP address. Is
> there any method in rsyslog to filter on load? I don't want to use filters
> on random IP addresses in rsyslog.

the best way to do this is on the receiving end, the way I describe in this
paper.
https://www.usenix.org/conference/lisa12/technical-sessions/presentation/lang_david

> 2- How can I get output logs with the timestamp in the following format
> <164>2012-12-08T11:47:09+12:00 (Remaining log) instead of <164> Dec 8
> 11:47:09 (Remaining log)

see templates and the property replacer options:
http://www.rsyslog.com/doc/v8-stable/configuration/property_replacer.html
David Lang
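
An added example, not part of the original thread: one way to apply the templates and property replacer pointer to the second question is a string template that uses the `date-rfc3339` option on the timestamp, bound to a forwarding action. The template name, target address and port are constructed placeholders.

```rsyslog
# Added example (not from the original thread).
# The template name, target and port below are placeholders.

# Emit <PRI> followed by an RFC 3339 timestamp
# (e.g. 2012-12-08T11:47:09+12:00) instead of the
# traditional "Dec  8 11:47:09" form.
template(name="RFC3339Forward" type="string"
         string="<%pri%>%timestamp:::date-rfc3339% %hostname% %syslogtag:1:32%%msg:::sp-if-no-1st-sp%%msg%\n")

# Forward to the next collector (logstash, fluentd, ...) with that template.
action(type="omfwd"
       target="192.0.2.10"      # placeholder collector address
       port="5514"              # placeholder port
       protocol="tcp"
       template="RFC3339Forward")
```

The built-in `RSYSLOG_ForwardFormat` template uses the same `date-rfc3339` timestamp, so it can be named in the action instead of defining a custom one.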