On Wed, Feb 3, 2016 at 8:01 AM, Bob Gregory <[email protected]> wrote:
> Hi all,
>
> I'm using rsyslogd as the syslog daemon on a machine running Docker. I've
> configured docker to use the syslog logging driver and am able to parse the
> json logs written to stdout by my applications.
>
> These logs contain a textual severity level based on the log4j levels:
> DEBUG, INFO, WARN, ERROR, CRITICAL, FATAL.
>
> The docker syslog integration dumps all the stdout of a container into
> syslog with a severity of LOG_INFO, and stderr with LOG_ERR.
>
> I'd like to parse the incoming json and map the level names to syslog
> severity numbers.
>
> I can see some related functionality in msg.c, but nothing that's exposed
> to end users, so I'm considering writing a new pair of property replacers:
> one to map numbers from standard error level or severity names; another to
> map severity levels to their names:
>
> template(name="my-magic-template") {
> property(name="$!level" severity.fromname="1")
> property(name="$!levelno" severity.toname="1")
> }
>
> template(name="my-other-template" string="%level::severity-from-name%
> %levelno::severity-to-name%")
>
> Has anyone got any better ideas? I'd like to continue logging from
> containers to stdout, and to continue using the log-level names, because
> the php/python/java logging libs support that out-of-the-box and it's one
> less thing for devs to worry about.
>
Thanks for sharing this. What else is in your log processing pipeline?
Where do the apps live in relation to this rsyslog instance and what does
the rsyslog instance do with the logs after it receives them?
Thanks, -peter
>
> ----
>
> *Bob Gregory*
>
> Application Architect
>
> MADE.COM <http://www.made.com/>
>
> Skype: flinkywistypomm
>
>
> [image: MADE]
>
>
>
> Made.com Design Limited is a company registered in England and Wales.
>
> Registered number: 07101408 | Registered office: 100 Charing Cross Road,
> London WC2H 0HG
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
> DON'T LIKE THAT.
>
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
