On 5/29/19 1:27 PM, Noriko Hosoi via rsyslog wrote:
Hello rsyslog list,
[1] is an example of pre-processed log. We'd like to keep fields defined in the environment variable [3] in the top level, and move the rest to one level down as in [2]. In this example, 2
fields "test0" and "test1" are
My recommendation is to pass the message on to an mmexternal module
(that you write) that does the required transformation...
action(
type="mmexternal"
name="normalize-json"
binary="/path/to/transform.exec"
interface.input="rawmsg"
output="/path/to/transform.debug"
)
...where
Hello rsyslog list,
[1] is an example of pre-processed log. We'd like to keep fields
defined in the environment variable [3] in the top level, and move the
rest to one level down as in [2]. In this example, 2 fields "test0" and
"test1" are to be moved, but the count could vary. We'd like
rate limiting is defined at module load time, not at runtime. one of the reasons
to change to rainerscript is that it makes it clearer as to when things are
defined, you would need to change the module load command (using the old style
config, your $ rate limiting lines would need to be in the
Hi
I am looking for a way to change parameters related to rate limiting after
imuxsock module is loaded. Is it possible?
The use case here is as follows. /etc/rsyslog.conf is provided by a
separate team that maintains platform used by many projects. Then each
project adds its own configuration
hi all,
my apologies if this question has already been asked before and there is a
solution which I failed to find from rsyslog mailing list archive.
I have to parse syslog messages with the message field consisting of
keyword=value pairs, where values may be enclosed in double-quotes. Also,
6 matches
Mail list logo
