I'm having some trouble with templates and remote logging. When I add this to
my conf:
$template myFormat,"%timereported% hostname:{%hostname%} rawmsg:{%rawmsg%}\n"
:msg,contains,"hadoop" :omrelp:kaptain:20514;myFormat
& ~
Then I created a test log message with:
$ logger -p daemon.info -t DataNode "hadoop hi"
The message gets to the remote host, but the output in /var/log/syslog on that
host is:
Apr 24 15:59:22 172.29.208.56 hostname: {SWILLIS-E6320} rawmsg:{<30>Apr 24
15:59:22 DataNode: hadoop hi}
Somehow, "hostname:" in my template is replaced with "172.29.208.56 hostname:
". I then tried the following in my conf:
$template myFormat,"%timereported% hostname:{%hostname%} rawmsg:{%rawmsg%}\n"
$template myFormat2,"%timereported% hostname{%hostname%} rawmsg:{%rawmsg%}\n"
:msg,contains,"hadoop" :omrelp:kaptain:20514;myFormat
:msg,contains,"hadoop" :omrelp:kaptain:20514;myFormat2
& ~
And the output in syslog is then:
Apr 24 16:38:19 172.29.208.56 hostname: {SWILLIS-E6320} rawmsg:{<30>Apr 24
16:38:19 DataNode: hadoop hi}
Apr 24 16:38:19 hostname{SWILLIS-E6320} rawmsg: {<30>Apr 24 16:38:19 DataNode:
hadoop hi}
So there seems to be a bug with having "hostname:" in the format, that isn't
brought out with just "hostname".
-Steven Willis
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
