Hi,
I try to get a coherent names for programs who send messages to rsyslog.
For most messages, $app-name or $programname do the job (I get $syslogtag
without the trailing "[pid]:").
However, $app-name/$programname does not play well with some system
defaults.
For example, on RHEL6 servers, the cron "run-parts" script use parenthesis
and slashes in the tag.
Using RSYSLOG_DebugFormat, here is what we get :
Debug line with all properties:
FROMHOST: 'client1', fromhost-ip: '42.0.0.1', HOSTNAME: 'client1', PRI: 77,
syslogtag 'run-parts(/etc/cron.hourly)[22434]:', programname: 'run-parts(',
APP-NAME: 'run-parts(', PROCID: '22434', MSGID: '-',
TIMESTAMP: 'Mar 19 17:01:01', STRUCTURED-DATA: '-',
msg: ' starting 0anacron'
escaped msg: ' starting 0anacron'
inputname: imuxsock rawmsg: '<77>Mar 19 17:01:01
run-parts(/etc/cron.hourly)[22434]: starting 0anacron'
While both parenthesis and slashes are "forbidden" by RFC3164, one is
accepted and the other isn't.
Is there a motivation to allow one and not the other ?
Here is my current workaround :
if $app-name == "run-parts(" then {
set $!app = field($syslogtag, 91, 1); # 91 = "["
} else {
set $!app = $app-name;
}
It works, but it's ugly and I doubt it's performance-wise. ;-)
Is there a better way to do it ?
Thanks!
Philippe
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
