On Sat, 2 Mar 2013, Ben Bradley wrote:
At the moment my logs are just going over the network using tcp syslog
(omfwd). Are there any other transport formats (JSON?) that are supported by
Rsyslog that can be read by logstash?
look at the lumberjack option in logstash, rsyslog supports JSON output, and is
very involved with lumberjack
http://blog.gerhards.net/2012/04/rsyslog-templates-json.html
http://www.rsyslog.com/tag/lumberjack/
there are multiple ways of specifying the output, both per-field and as a 'send
everything'
I still worry about syslog message size limits, although I actually see very
few of these as the longest log messages are cut off by being over Apache's
8192 byte request limit or by /sbin/logger
you can set rsyslog to have a much larger limit (I know I've seen >32K)
David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
