Hello rsyslog users,
We are currently running a small rsyslog setup (i.e. TCP-based remote logging) in our test environment. This setup is also used to transfer Apache access logs, using the pipe operator in the Apache config and a Bash shell script which calls the "logger" tool to log a message to local rsyslog in a loop like # read first line #... while [ $result -eq 0 ]; do # log $line to $filename logger -p local0.info -t "APACHE" "$filename?$line" read line result=$? done The problem with this approach is twofold. First, we are experiencing performance issues under increased load (all Apache workers in status "L" on the Apache server status page when stress testing). Secondly, in order to resolve the first issue, we thought about moving to the file based input module which would make (we hope) Apache performance less depending on the logging infrastructure - as it would just log to the native filesystem as usual. However, as can be seen above, we're currently transforming the log messages to include the destination filename. On the remote rsyslog server (the receiving end), the messages are logged into a file whose name is dynamically derived from the first part of the log (the part before the first question mark). So my question is: can rsyslog be configured to 1. Read new lines from Apache access log as they become available 2. prepend an arbitrary string to the message (the destination filename) 3. log this transformed message instead of the original Or is there a more "best-practices" approach to do what I want (which is : filter messages on the remote end based on the tag and write them to a dynamically generated filename using regexps) Thanks, Pieter _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com
