On 01.09.2021 15:08, Istvan Kassai via rsyslog wrote:
Hi Mariusz!
Thanks for answering.
inline commented
Mariusz Kruk via rsyslog <[email protected]> ezt írta (időpont:
2021. szept. 1., Sze, 14:23):
1. As with dynamic files, rsyslog doesn't bother with rotating files and
any such maintenance (why should it? ;-)).
Should or shouldn't I don't know. I used syslog-ng before, that rotated by
default. So I asked before I re-invented the hot water. :-)
Well, I prefer the KISS approach, so I'd say that a solution should
stick to what it does best and let others do their work ;-)
So you can create a template
that inserts entries into a dynamically named table but removing old
tables is entirely up to you.
How do you think the dynamically named table? Is there an example for it?
https://www.rsyslog.com/doc/master/configuration/modules/ompgsql.html
As you can see in the Example 2, you can use a template to construct the
whole insert statement. You can then use any available property or
variable to dynamicaly generate the table name.
The only problem, if I dinamically refer to a table, the table has to be
exist. Should I create tables for a year forward if I want to log into
different tables all days?
I'm afraid so.
2. Just use a separate ruleset logging into a postgresql database and
tie it to the input on port 514. Like (very simple exapmple)
ruleset(name="log_to_pg") {
action(type="ompgsql" [...])
}
input(type="imptcp" port="5514" ruleset="log_to_pg")
Yes, I use a similar ruleset. But local messages are mixed with remote
ones.
Show us the config :-) Notice that the ruleset is tied to a single input
(you can try to add stop after the action just for sure).
I saw in the documentation there are filtering capabilities in the config,
so I thought send only the messages from outside (from a specified host, or
through the 5514). But I found only filtering examples based on message
content:
for example: if $msg contains 'error' then /var/log/errlog
but not on source host.
Is there any documentation what kind of internal variables (as $msg in the
example) can I use in filter?
Sure. They are called properties.
https://www.rsyslog.com/doc/master/configuration/properties.html
But it's easier (and more effective, I believe) to tie proper rulesets
to proper outputs and just pass the event streams separately than to
engage rsyslog into filtering them.
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
