Try reading through some of the use cases implemented here: https://github.com/SparkITSolutions/phoenix/tree/legacy/install/rsyslog
That will have examples for many things you want to do. Cheers, JB On Wed, Nov 21, 2018 at 10:23 AM Mike Schleif <[email protected]> wrote: > On Tue, Nov 20, 2018 at 9:53 AM Jacob Steinberger via rsyslog < > [email protected]> wrote: > > > Try this in your config: > > > > $template tpltext, "insert into SystemEvents (Message, Facility, > FromHost, > > Priority, DeviceReportedTime, ReceivedAt, InfoUnitID, SysLogTag) values > > ('%msg%', %syslogfacility%, '%HOSTNAME%', > > %syslogpriority%,'%timereported:::date-mysql%', > > '%timegenerated:::date-mysql%', %iut%, > > '%syslogtag%')" > > module(load="builtin:omfile" file="/var/log/rsyslog-debug.log" > > template="tpltext") > > > > OK, I have removed the following, and logging continues to work: > module(load="builtin:omfile" template="RSYSLOG_TraditionalFileFormat") > > I have configured this template: > $template tpltext, "insert into SystemEvents (Message, Facility, FromHost, > Priority, DeviceReportedTime, ReceivedAt, InfoUnitID, SysLogTag) values > ('%msg%', %syslogfacility%, '%HOSTNAME%', > %syslogpriority%,'%timereported:::date-mysql%', > '%timegenerated:::date-mysql%', %iut%, '%syslogtag%')\n" > > I have configured this action: > authpriv.* action(type="omfile" file="/var/log/rsyslog-debug.log" > template="tpltext") > > All appears to be functioning properly, including entries to: > rsyslog-debug.log > > > Now, how can I send all log entries containing a fixed string to a new > logfile? > > For example, this is an intermittent problem, and I discovered it on > finding the following string in /var/log/messages: > The error statement was: insert into SystemEvents > > If I can get all of those messages into a separate logfile, I only need see > if that file has been updated, to know that another intermittent problem > occurred. > > Please, advise. Thank you. > > ~ Mike > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com/professional-services/ > What's up with rsyslog? Follow https://twitter.com/rgerhards > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > DON'T LIKE THAT. > _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
