Re: [rsyslog] Add the file name to syslog data

2017-10-06 Thread Dave Cottlehuber
On Sun, 1 Oct 2017, at 11:50, David Lang wrote:
> any time you have a question like this, first log locally with the format
> RSYSLOG_DebugFormat so that you can see exactly what data you have where.
>
> In this case, you will need to enable metadata in your imfile config,
> this will
> add the

Re: [rsyslog] Qualys scan against rsyslog causes it to segfault

2017-10-06 Thread deoren
2017-10-06 8:27 GMT+02:00 deoren : On October 6, 2017 1:03:32 AM CDT, Thomas Deutschmann via rsyslog wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2017-10-06 07:45, deoren wrote: Is this expected? I

Re: [rsyslog] omfile - create file path hierarchy splitting hostname

2017-10-06 Thread Luigi Tagliamonte via rsyslog
@David thank you, I made it work without mmnormalize, just using rsyslog functions, here is the snippet for somebody's reference: module(load="imkafka") input(type="imkafka" topic="logging" broker=["IP"] ruleset="pRuleset" consumergroup="default1" confParam=["compression.codec=snappy",

Re: [rsyslog] Add the file name to syslog data

2017-10-06 Thread David Lang
On Fri, 6 Oct 2017, Dave Cottlehuber wrote: at the final destination, I have all that data available and can either use it, or create a template that just writes out a RFC3164 style message with the original message content. Is there any reason why you prefer RFC3164 vs the later RFC5424

Re: [rsyslog] omfile - create file path hierarchy splitting hostname

2017-10-06 Thread David Lang
On Fri, 6 Oct 2017, Luigi Tagliamonte wrote: @David thank you, I made it work without mmnormalize, just using rsyslog functions, here is the snippet for somebody's reference: set $.environment = field($syslogtag,"-",3) ; set $.servertype = field($syslogtag,"-",4) ; set

Re: [rsyslog] omfile - create file path hierarchy splitting hostname

2017-10-06 Thread Luigi Tagliamonte via rsyslog
I agree with you David, I tried mmnormalize but I wasn't able to make it work. I was assigning to all the local variables (for example: set $.environment = $!environment ) the variables extracted by mmnormalize and they were always empty. I checked my rule using lognormalizer and the output field

Re: [rsyslog] omfile - create file path hierarchy splitting hostname

2017-10-06 Thread David Lang
On Fri, 6 Oct 2017, Luigi Tagliamonte wrote: I agree with you David, I tried mmnormalize but I wasn't able to make it work. I was assigning to all the local variables (for example: set $.environment = $!environment ) the variables extracted by mmnormalize and they were always empty. I checked

Re: [rsyslog] omfile - create file path hierarchy splitting hostname

2017-10-06 Thread David Lang
you can parse anything apart into different variables with mmnormalize. you can then use the dynafile feature to create a template that uses the variables for the filename. This is the sort of thing that the $. variables were introduced to be used for (so that they don't add 'strange stuff'

Re: [rsyslog] Qualys scan against rsyslog causes it to segfault

2017-10-06 Thread David Lang
On Fri, 6 Oct 2017, deoren wrote: I'm going to retest soon, one port at a time to see if the segfault is specific to one of the inputs. Once I determine that I'll likely set up a vanilla installation of rsyslog with imudp, imptcp and imrelp enabled and try to replicate the segfault. If I can

Re: [rsyslog] Qualys scan against rsyslog causes it to segfault

2017-10-06 Thread deoren
On October 6, 2017 1:03:32 AM CDT, Thomas Deutschmann via rsyslog wrote:
>-BEGIN PGP SIGNED MESSAGE-
>Hash: SHA512
>
>On 2017-10-06 07:45, deoren wrote:
>> Is this expected? I recall reading that rsyslog should be properly
>> firewalled to protect it from

Re: [rsyslog] Qualys scan against rsyslog causes it to segfault

2017-10-06 Thread Thomas Deutschmann via rsyslog
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 2017-10-06 07:45, deoren wrote:
> Is this expected? I recall reading that rsyslog should be properly
> firewalled to protect it from malicious traffic, but I couldn't
> recall what would happen if it were exposed to scans: fall over vs
> trash

Re: [rsyslog] Qualys scan against rsyslog causes it to segfault

2017-10-06 Thread Rainer Gerhards
In any case, I think it would make sense to use the current 8.29.0 version if not installed. Just a thought.
Rainer
2017-10-06 8:27 GMT+02:00 deoren :
>
>
> On October 6, 2017 1:03:32 AM CDT, Thomas Deutschmann via rsyslog
>

Re: [rsyslog] Qualys scan against rsyslog causes it to segfault

2017-10-06 Thread deoren
On 10/6/2017 4:42 PM, David Lang wrote: On Fri, 6 Oct 2017, deoren wrote: I'm going to retest soon, one port at a time to see if the segfault is specific to one of the inputs. Once I determine that I'll likely set up a vanilla installation of rsyslog with imudp, imptcp and imrelp enabled and