Another point I forgot to mention. I don't want to use Linux's Logger utility to send RFC5424 messages because it opens socket for every syslog event.
On Fri, Dec 6, 2019 at 9:30 AM Harish Patil <[email protected]> wrote: > Sorry typo, some extraneous characters.. > > Read as "Do you have an example that shows how a user application can > provide HEADER + Structured Data + Message?" > > On Fri, Dec 6, 2019 at 9:27 AM Harish Patil <[email protected]> wrote: > >> Hi Lennard, >> Thanks for your response. >> >> 1) So if infer your response correctly: >> a) First step it to edit the config file: >> *.* @remote;RSYSLOG_SyslogProtocol23Format >> action(type="omfwd" ... template="RSYSLOG_SyslogProtocol23Format") >> >> b) Use rsyslog client API/mechanism for me to pass HEADER fields + >> Structured Data + Message (as a string) from my client application? Is >> that right? >> If so, can I use existing syslog APIs such as openlog(), syslog() etc? Do >> you have an example that shows how an user application can provide HEADER + >> Structured Data +11) Message? >> My expectation is I should be able to provide all the header info such as >> priority, app, timestamp, hostname etc along with the msg string. The >> rsyslog client would then format as per RFC 5424 and should be sent to >> remote rsyslog servers. >> >> 2) Secondly, do we have an option to send syslog msgs to remote servers >> in a non-blocking way? I plan to invoke API in the traffic processing >> thread, so sockets should be in non-blocking mode. >> >> Pls let me know. >> Thanks, >> >> Harish >> On Fri, Dec 6, 2019 at 12:19 AM Lennard Klein < >> [email protected]> wrote: >> >>> Hi, >>> >>> On 12/6/19 8:38 AM, Harish Patil via rsyslog wrote: >>> > Hi, >>> > >>> > I have a simple question. >>> > >>> > I have a requirement to send certain messages from my application to a >>> > remote syslog server in RFC 5424 format. >>> In rsyslog the output format is controlled by templates [1]. >>> > For that, do we have such a thing as syslog/rsyslog client (or client >>> API >>> > library) that can take a string and some arguments, format it as per >>> RFC >>> > 5424 and then send it to remote rsyslog server? I went thru' some >>> > documentation, but it wasn't clear to me. >>> There's a built-in template called 'RSYSLOG_SyslogProtocol23Format' for >>> that, see also the page linked above. >>> >>> > >>> > I looked into RulesetParser rsyslog.rfc5424 ruleset. I believe this is >>> a >>> > config option used in rsyslog servers for parsing RFC 5424 messages >>> but not >>> > formatting. Is that right? >> >> >> >>> Essentially you got that right, rsyslog.rfc5424 is a built-in parser, >>> which can be used as a parser chain for a ruleset and is in the default >>> chain. >>> >>> > Essentially all I need to know whether I need to RFC 5424 formatting >>> > by hand or can we use any existing implementation? >>> In short: yes, if you're simply trying to send in RFC5424 rather than >>> traditional formats, you simply specify the template: >>> >>> *.* /var/log/all-messages.log;RSYSLOG_SyslogProtocol23Format >>> *.* @remote;RSYSLOG_SyslogProtocol23Format >>> action(type="omfwd" ... template="RSYSLOG_SyslogProtocol23Format") >>> ... and other syntaxes >>> >>> regards, >>> Lennard Klein >>> >>> [1]https://www.rsyslog.com/doc/v8-stable/configuration/templates.html >>> This email is from Equinix (EMEA) B.V. or one of its associated >>> companies in the territory from where this email has been sent. This email, >>> and any files transmitted with it, contains information which is >>> confidential, is solely for the use of the intended recipient and may be >>> legally privileged. If you have received this email in error, please notify >>> the sender and delete this email immediately. Equinix (EMEA) B.V.. >>> Registered Office: Amstelplein 1, 1096 HA Amsterdam, The Netherlands. >>> Registered in The Netherlands No. 57577889. >>> >> _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
