Seem that works. Thanks
El 09/02/17 a las 15:32, David Lang escribió:
On Thu, 9 Feb 2017, mostolog--- via rsyslog wrote:
Hi
While working with liblognorm we have found the /need/ of *using rule
tags*.
However setting */rule=aa:%.:@syslog% Foo%message:rest%/* doesn't
seem to add a /tags/ field to the message:
<12>2017-02-09T13:32:34.884+01:00 computer tag:
FooWhateverFollowsREDACTED
although it seems to parse it properly:
{ "message": "WhateverFollowsREDACTED", "syslogtag": "tag",
"hostname": "computer", "date": "2017-02-09T13:32:34.884+01:00",
"priority": "12"
Where is the metadata/tags field which is supposed to contain rule
tags? $.tags? $.metadata? Is that documented somewhere?
I believe that it creates $!event.tags
if you are running lognormalize, you need to add a flag (-T IIRC) to
get the tags shown in the output. I don't remember off the top of my
head if this needs to be enabled via a config option for mmnormalize.
David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
