Re: [rsyslog] omfile - create file path hierarchy splitting hostname

Hello David, this is what I was trying to accomplish: *example of the logline:* Oct 2 22:44:00 staging3-worker-i-0a646drtgbfb4dbe35 serverID:i-0a646drtgbfb4dbe35 2017-10-02 22:43:55.144 INFO 22940 --- [yBean_Worker-17] com.domain.jobs.class.Job : Job completed, jobId: 26, alerts: 2,

Re: [rsyslog] omfile - create file path hierarchy splitting hostname

start rsyslog with -dn and look through the output for the filename and look to see what it says when it tries to read the file David Lang On Mon, 9 Oct 2017, Luigi Tagliamonte wrote: Date: Mon, 9 Oct 2017 20:01:04 -0700 From: Luigi Tagliamonte To: David Lang

Re: [rsyslog] omfile - create file path hierarchy splitting hostname

On Mon, 9 Oct 2017, Luigi Tagliamonte wrote: ruleset(name="pRuleset") { action(type="mmnormalize" rulebase="/rule") is the file really in /? for many distros, SELinux or AppArmor will not let rsyslog read files in / try putting this file in /etc/rsyslog.d or /var/log David Lang

Re: [rsyslog] omfile - create file path hierarchy splitting hostname

The file is in / no selinux or apparmor enabled. On Oct 9, 2017 7:28 PM, "David Lang" wrote: > On Mon, 9 Oct 2017, Luigi Tagliamonte wrote: > > ruleset(name="pRuleset") { >>action(type="mmnormalize" rulebase="/rule") >> > > is the file really in /? > > for many distros,

Re: [rsyslog] Add the file name to syslog data

Even using the RFC5424 format, I would just use JSON in the message body, the structured data idea is something that pretty much nothing uses. David Lang On Mon, 9 Oct 2017, Joan via rsyslog wrote: Date: Mon, 9 Oct 2017 10:53:09 +0200 From: Joan via rsyslog To:

Re: [rsyslog] Add the file name to syslog data

In my case I switched to rfc5424 precisely for the subsecond timestamps, when agregating data from a lot of places, the messages would get unordered for some reason, adding the microsecond fixed all that. Digging in the available choices I amb thinking about two different options: 1) I stumbled