Post the output of the debug file template.
Rainer
Sent from phone, thus brief.
John Chivian via rsyslog schrieb am Mi., 1.
März 2023, 14:33:
> The needParse option for imfile is how you tell rsyslog to attempt to read
> syslog header elements out of the imfile content. If it is not used,
The needParse option for imfile is how you tell rsyslog to attempt to read
syslog header elements out of the imfile content. If it is not used, then
everything read from the file is in the “msg” property.
Regards,
> On Mar 1, 2023, at 07:23, Mariusz Kruk via rsyslog
> wrote:
>
> There is
There is also an option for imfile called needParse
https://www.rsyslog.com/doc/v8-stable/configuration/modules/imfile.html
Might work, might not - never used it myself. But always worth giving it
a try.
On 1.03.2023 14:21, David Lang via rsyslog wrote:
that's what I'm guessing, but you
that's what I'm guessing, but you should check what you are getting and attempt
to turn on the feature to have imfile parse the lines from imfile as if they
were sent as syslog messages. I say that I don't think '*' is allowed, because I
think that it's forbidden by the RFC, so rsyslog has to
> Also, I don't think the '*' character is valid in the syslogtag
Im not using "*", im just setting it *BOLD*, but your mail client doesnt
like it ;)
On Wed, Mar 1, 2023 at 2:07 PM David Lang via rsyslog <
rsyslog@lists.adiscon.com> wrote:
> Also, I don't think the '*' character is valid in the
After testing what you said, it doesn't seem to exist a property which
returns "queries", and I'll be only able to parse it using something like
grok.
Did I understood right?
On Wed, Mar 1, 2023 at 1:55 PM Mariusz Kruk via rsyslog <
rsyslog@lists.adiscon.com> wrote:
> As my colleague used to say
Also, I don't think the '*' character is valid in the syslogtag, so I think it
would put that into the msg field as well
If you are ever wondering how rsyslog has parsed a message, log it with the
built-in template RSYSLOG_DebugFormat and it will give you lots of the gory
details.
David
Unless explicitly instructed to parse syslog header elements out of an imfile
source, the entire imfile content is contained in the “msg” property. That is
to say rsyslog will construct the standard syslog header elements and then
append the line from the file as the msg property.
Regards
As my colleague used to say - try and see. Define logging action with
RSYSLOG_DebugFormat template and see what your properties are.*
*
On 1.03.2023 13:50, Tan Mientras via rsyslog wrote:
Im not sure I understood properly.
imfile has a mandatory tag required. but apart from that, the line
Im not sure I understood properly.
imfile has a mandatory tag required. but apart from that, the line contains
a "static" string "*queries*"
Which *property* would be "*queries*" when processing the line...or is it
impossible?
01-Mar-2023 13:20:23.998 *queries*: info: client @0x7fb258b56d80
You're explicitly telling your imfile to apply the *dns-query* tag. I'd
say that this behaviour is expected. $programname is the "static" part
of tag. The tag is *dns-query*. So...
On 1.03.2023 13:25, Tan Mientras via rsyslog wrote:
Hi.
Which *property* would be "*queries*" when processing
Hi.
Which *property* would be "*queries*" when processing the following line?
01-Mar-2023 13:20:23.998 *queries*: info: client @0x7fb258b56d80
30.0.30.142#59640 (e8333.g.akamaiedge.net): view internal-view: query:
e8333.g.akamaiedge.net IN A +E(0)D (192.168.2.254)
AFAIK, *programname*, but with
12 matches
Mail list logo
