Of course it will help.

Let me take the risk: is there a rsyslog wiki where I could start documenting what ERK should look like? :P

markdown is mandatory.


El 23/11/16 a las 15:57, Rainer Gerhards escribió:
Would the capability to add metadata in imfile input help? That would be
easy to add. If not, what would give you the Mets data?

Rainer

Sent from phone, thus brief.

Am 23.11.2016 15:51 schrieb "[email protected]" <[email protected]>:

there are probably ways to simplify the configs, 5K lines of configs seems
excessive :-) how much of this is rulebase config vs rsyslog config?

Each app generates app-access.log, app-tomcat.log, app-application.log
files. imfile allow me to add filename as metadata, but nothing more.
As each application belongs to a workgroup, part of an organizational unit
and is running on some (multiple) hosts, at the end I have approximately
this for each app:

template(name="json_appX" type="list") {
     property(name="hostname")
     constant(value=" ")
     property(name="syslogtag")
     constant(value=" {")
constant(value="\"group\":\"group\","\"unit\":\"unit\",\"app\":\"appX\",")
     constant(value="\",\"file\":\"")
     property(name="$!metadata!filename")
     constant(value="\",\"msg\":\"")
     property(name="msg" format="jsonr")
     constant(value="\"}")
}
ruleset(name="json_appX") {
     action(
         template="json_appX"
         type="omrelp"
         target="server"
         port="20514"
         action.resumeRetryCount="-1"
         action.reportSuspension="on"
         queue.maxdiskspace="5M"
         queue.type="LinkedList"
         queue.filename="appX.qi"
         queue.SaveOnShutdown="on"
     )
}
input(type="imfile" file="/logs/appX/access.log" tag="group/appX"
addMetadata="on" ruleset="json_appX" PersistStateInterval="1")
input(type="imfile" file="/logs/appX/tomcat.log" tag="group/appX"
addMetadata="on" ruleset="json_appX" PersistStateInterval="1")
input(type="imfile" file="/logs/appX/application.log" tag="group/appX"
addMetadata="on" ruleset="json_appX" PersistStateInterval="1")


which becomes 5K lines of config file.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
DON'T LIKE THAT.

_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Reply via email to