On Wed, Mar 1, 2023 at 5:58 PM David Lang wrote:
> or you can point at a repo provided by the rsyslog project and then we can
> fix
> any problems you have.
>
Didnt thought that one! Thanks a lot for the input!
___
rsyslog mailing list
Ok, in that case you will need to use mmnormalize to parse the log lines, and
then a template to use the variables that you parse.
the json type will be your friend for parsing the json, then log the line with
the RSYSLOG_DebugFormat to see all the variables it creates and use them
($!foo!bar
If you are sticking with using ubuntu provided packages rather than the packages
provided by the rsyslog project, you will have to reach out to them for why this
module isn't available.
or you can point at a repo provided by the rsyslog project and then we can fix
any problems you have.
Hi David
til the vendor have't changed the log ouput format I received the logs
with this:
# Add this to reset the umask#
$umask
#BEGIN TEMPLATE
#template to add source ip
template( name="addFrmHstUDP" type="list")
{
property( name="fromhost-ip" )
constant( value=" " )
Post the output of the debug file template.
Rainer
Sent from phone, thus brief.
John Chivian via rsyslog schrieb am Mi., 1.
März 2023, 14:33:
> The needParse option for imfile is how you tell rsyslog to attempt to read
> syslog header elements out of the imfile content. If it is not used,
The needParse option for imfile is how you tell rsyslog to attempt to read
syslog header elements out of the imfile content. If it is not used, then
everything read from the file is in the “msg” property.
Regards,
> On Mar 1, 2023, at 07:23, Mariusz Kruk via rsyslog
> wrote:
>
> There is
This is all rsyslog-* dockerized 22.04 found:
gosa-plugin-rsyslog/jammy 2.7.4+reloaded3-16build1 all
rsyslog plugin for GOsa?
puppet-module-saz-rsyslog/jammy 2.2.1-2 all
Puppet module for rsyslog
rsyslog/jammy-updates,jammy-security 8.2112.0-2ubuntu2.2 amd64
reliable system and kernel
There is also an option for imfile called needParse
https://www.rsyslog.com/doc/v8-stable/configuration/modules/imfile.html
Might work, might not - never used it myself. But always worth giving it
a try.
On 1.03.2023 14:21, David Lang via rsyslog wrote:
that's what I'm guessing, but you
that's what I'm guessing, but you should check what you are getting and attempt
to turn on the feature to have imfile parse the lines from imfile as if they
were sent as syslog messages. I say that I don't think '*' is allowed, because I
think that it's forbidden by the RFC, so rsyslog has to
> Also, I don't think the '*' character is valid in the syslogtag
Im not using "*", im just setting it *BOLD*, but your mail client doesnt
like it ;)
On Wed, Mar 1, 2023 at 2:07 PM David Lang via rsyslog <
rsyslog@lists.adiscon.com> wrote:
> Also, I don't think the '*' character is valid in the
After testing what you said, it doesn't seem to exist a property which
returns "queries", and I'll be only able to parse it using something like
grok.
Did I understood right?
On Wed, Mar 1, 2023 at 1:55 PM Mariusz Kruk via rsyslog <
rsyslog@lists.adiscon.com> wrote:
> As my colleague used to say
please post your config so we can understand if what youa re showing us is the
result of your config or what is being sent to you.
If it's what is being sent to you, you would use mmnormalize to parse it into
variables, then create a custom template to assemble the message format that you
Also, I don't think the '*' character is valid in the syslogtag, so I think it
would put that into the msg field as well
If you are ever wondering how rsyslog has parsed a message, log it with the
built-in template RSYSLOG_DebugFormat and it will give you lots of the gory
details.
David
Unless explicitly instructed to parse syslog header elements out of an imfile
source, the entire imfile content is contained in the “msg” property. That is
to say rsyslog will construct the standard syslog header elements and then
append the line from the file as the msg property.
Regards
that sounds like there is a package missing from your image. I think there was a
mistake in packaging recently that has some modules missing, but that should
have been fixed at this point (and I thought that was redhat)
that is or was a separate package to install
David Lang
On Wed, 1 Mar
Hello
I receive on rsyslog-8.2102 log json format like this:
LogRecord {id='null', date=1677669932610,
applicationInstanceId='5fc42f05-36ab-45ff-908d-e7b978a88269',
domainName='public', serverIp='null', serverPort=null, clientIp='null',
clientPort=null, sessionId='null', username='null',
As my colleague used to say - try and see. Define logging action with
RSYSLOG_DebugFormat template and see what your properties are.*
*
On 1.03.2023 13:50, Tan Mientras via rsyslog wrote:
Im not sure I understood properly.
imfile has a mandatory tag required. but apart from that, the line
Im not sure I understood properly.
imfile has a mandatory tag required. but apart from that, the line contains
a "static" string "*queries*"
Which *property* would be "*queries*" when processing the line...or is it
impossible?
01-Mar-2023 13:20:23.998 *queries*: info: client @0x7fb258b56d80
You're explicitly telling your imfile to apply the *dns-query* tag. I'd
say that this behaviour is expected. $programname is the "static" part
of tag. The tag is *dns-query*. So...
On 1.03.2023 13:25, Tan Mientras via rsyslog wrote:
Hi.
Which *property* would be "*queries*" when processing
Hi.
Which *property* would be "*queries*" when processing the following line?
01-Mar-2023 13:20:23.998 *queries*: info: client @0x7fb258b56d80
30.0.30.142#59640 (e8333.g.akamaiedge.net): view internal-view: query:
e8333.g.akamaiedge.net IN A +E(0)D (192.168.2.254)
AFAIK, *programname*, but with
Hello
As running "rsyslog/syslog_appliance_alpine:8.36.0-3.7" docker image is not
advised for production, Im trying to setup my own rsyslog docker image.
*The dockerfile is:*
FROM ubuntu:22.04
RUN apt update && apt -y install rsyslog-relp
EXPOSE 514/udp 20514
CMD rsyslogd -n
*and the compose
21 matches
Mail list logo