On Wed, 5 Dec 2018, Lavanya Kanchanapalli via rsyslog wrote:
Hi Rich: My apps and rsyslog are running on Ubuntu (Xenial). Installing rsyslog-mmnormalize worked. In my searched on Internet I did not find any reference to rsyslog-mmnormalize and so tried independently installing liblognorm and its dependencies which obviously did not work.
liblognorm is required by mmnormalize, the mmnormalize rsyslog module is not installed by default because it would pull in liblognorm, so you just needed to get the right thing installed
One other question, would you know how rsyslog determine which rule in rulebase to apply to a particular log line? My application logs can have logs from tomcat and a couple of other libraries with different formats. I am trying to figure out how to identify a log line is different format and handle it accordingly.
it uses whatever line matches. It takes all the lines in the config and turns them into a parse tree, and starts down the log line it's processing and the tree looking to see what matches.
In practice, you generally don't need to think about it, just put in the config lines and the right one will be used.
I create a $. variable that I format like a legacy template and so every line starts with the syslogtag, which makes it completely unambiguous as to if the line will match, but most people don't and things 'just work' :-)
David Lang _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
