Ahh, 5.x doesn't have user-defined variables, so you have to do different
templates.
So what you would do is something like:
$template case1,"<31>%timestamp% %hostname% %syslogtag%%msg%"
$template case2,"<43>%timestamp% %hostname% %syslogtag%%msg%"
where 31 and 43 get changed to match the facility/severity values that you want
to use.
If you can move to 7.x things get much simpler, you can set variables and do
math rather than having every nuance hard-coded.
David Lang
On Wed, 18 Dec 2013, Paul Seymour wrote:
Date: Wed, 18 Dec 2013 07:55:06 +0000
From: Paul Seymour <[email protected]>
Reply-To: rsyslog-users <[email protected]>
To: rsyslog-users <[email protected]>
Subject: Re: [rsyslog] rsyslog imfile and filtering
Thanks. Must admit I am struggling to get the property rewrite stuff working
with the legacy template syntax (v5.8.x).
Are there any examples or pointers to follow? Scanned through the official docs
and it's not clicked in my head for some reason.
Thanks
Paul
On 16 Dec 2013, at 15:23, Radu Gheorghe <[email protected]> wrote:
Hi Paul,
I think you can do that by defining two different templates:
http://www.rsyslog.com/doc/rsyslog_conf_templates.html
The pseudo-logic I have in mind is:
if match1 then
send with template1
else if match2
send with template2
And the template could be a standard template (scroll to "Standard Template
for Forwarding to a Remote Host (RFC3164 mode)" in the link above, for
example). Except that, instead of putting a variable property like "pri",
you can have a constant for one template, and a different constant for the
other.
2013/12/16 Paul Seymour <[email protected]>
Hello,
I am using imfile to bring in a logfile and want to filter forward to a
receiver based on regex but with different severities with the facility
being local3.
For example one regex is:-
:msg, regex, "Service .* has started." @@<mysystem>
Which I want as info, whilst the
:msg, regex, "Service .* has shutdown." @@<mysystem>
This one I would like to be warning or some such.
Any pointers on this ?
Thanks
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
DON'T LIKE THAT.
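The approach discussed in this thread, put together as one rsyslog 5.x legacy-syntax configuration. This is an added example, not part of the original messages. The file path, tag, state file name, template names and the receiver collector.example.com:514 are assumptions; the PRI constants are worked out for the local3 facility the question asks for.

```conf
# Added example for rsyslog 5.x legacy syntax; not from the original thread.
# Assumed/hypothetical: file path, tag, state file name, template names and
# the receiver collector.example.com:514.

$ModLoad imfile

# Monitor the application log. Lines read here enter rsyslog as local3.info;
# the templates below decide what PRI the receiver actually sees.
$InputFileName /var/log/myapp/service.log
$InputFileTag myapp:
$InputFileStateFile stat-myapp-service
$InputFileFacility local3
$InputFileSeverity info
$InputRunFileMonitor

# PRI = facility * 8 + severity, with local3 = 19:
#   local3.info    -> 19 * 8 + 6 = 158
#   local3.warning -> 19 * 8 + 4 = 156
$template svc_info,"<158>%timestamp% %hostname% %syslogtag%%msg%"
$template svc_warn,"<156>%timestamp% %hostname% %syslogtag%%msg%"

# Bind a template to each forwarding action with ";name".
# @@ forwards over TCP, as in the original filters.
:msg, regex, "Service .* has started." @@collector.example.com:514;svc_info
:msg, regex, "Service .* has shutdown." @@collector.example.com:514;svc_warn
```

On the receiver, a `local3.warning` selector then matches the shutdown lines but not the start lines, which arrive as `local3.info`.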