On Tue, Nov 20, 2018 at 9:53 AM Jacob Steinberger via rsyslog <
[email protected]> wrote:
> Try this in your config:
>
> $template tpltext, "insert into SystemEvents (Message, Facility, FromHost,
> Priority, DeviceReportedTime, ReceivedAt, InfoUnitID, SysLogTag) values
> ('%msg%', %syslogfacility%, '%HOSTNAME%',
> %syslogpriority%,'%timereported:::date-mysql%',
> '%timegenerated:::date-mysql%', %iut%,
> '%syslogtag%')"
> module(load="builtin:omfile" file="/var/log/rsyslog-debug.log"
> template="tpltext")
>
OK, I have removed the following, and logging continues to work:
module(load="builtin:omfile" template="RSYSLOG_TraditionalFileFormat")
I have configured this template:
$template tpltext, "insert into SystemEvents (Message, Facility, FromHost,
Priority, DeviceReportedTime, ReceivedAt, InfoUnitID, SysLogTag) values
('%msg%', %syslogfacility%, '%HOSTNAME%',
%syslogpriority%,'%timereported:::date-mysql%',
'%timegenerated:::date-mysql%', %iut%, '%syslogtag%')\n"
I have configured this action:
authpriv.* action(type="omfile" file="/var/log/rsyslog-debug.log"
template="tpltext")
All appears to be functioning properly, including entries to:
rsyslog-debug.log
Now, how can I send all log entries containing a fixed string to a new
logfile?
For example, this is an intermittent problem, and I discovered it on
finding the following string in /var/log/messages:
The error statement was: insert into SystemEvents
If I can get all of those messages into a separate logfile, I only need see
if that file has been updated, to know that another intermittent problem
occurred.
Please, advise. Thank you.
~ Mike
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
