What do you mean by "not in any standard format"? I've explicitly declared the logging driver in docker to be syslog, so I was expecting to be able to parse the result to extract accurate data in the fields.

Can you give me any hints on how I could use mmnormalize to extract the various fields?

On Wed, Apr 25, 2018 at 7:28 PM, David Lang <[email protected]> wrote:

> On Wed, 25 Apr 2018, Rainer Gerhards wrote:
>
>> 2018-04-25 9:29 GMT+02:00 Flo Rance <[email protected]>:
>>
>>> Ok, but if ".err" means "err and above", why does it forward messages
>>> with the severity INFO as in the example?
>>
>> pls post the raw message - how do you know it is INFO?
>
> in the docker world, the 'standard' is that messages get dumped to stdout,
> not in any standard format, so INFO: in the message body is the indication.
>
> It looks like these logs should be parsed with mmnormalize to extract the
> various fields (potentially as a parser on the input)

_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.

