If by 2.1 you are talking about cases where the data is not output as a single log event, but is output as multiple log entries, things get rather messy.

First off, there are a variety of conditions (both inside and outside rsyslog) that can cause log entries to end up in a different order than they were generated, or intermingled with logs from other processes.

Rsyslog has a couple options when it's reading logs from files to deal with multiline logs, but what it's doing, and the general answer is that you really want something to combine all the lines into one log entry, and then have that one log entry processed by rsyslog.

David Lang

On Fri, 3 Oct 2014, Balint Szigeti wrote:

Date: Fri, 03 Oct 2014 20:36:04 +0100
From: Balint Szigeti <[email protected]>
To: rsyslog-users <[email protected]>
Subject: Re: [rsyslog] about rsyslog and functionalities

answers:
1 - yes it is possible. I use it in this way
2 - yes you can, you need to play with the if statements. I can give
some examples on Monday.
   2.1 - I don't know. It would be good but I don't know how. The
rsyslog mysql module sends the logs in one table and I don't know if the
separation is even possible.

Balint

On Fri, 2014-10-03 at 12:01 -0400, Carlos Manuel Trepeu Pupo wrote:

Hello, I have been receiving the mailing list for a few months, since I decided
to implement an rsyslog server in my network. Now I have the machine and
hard drives, so it's time to start. I have always been reading the list, but
I still have a few questions:
1- Is it possible to implement an rsyslog server that saves all logs in a
separate mysql database?
2- In the case of squid and postfix, can I make an independent database for each
one?
     2.1- Can I send the fields to a database where the log's fields are
separated and not as a line?

Thanks and sorry for my English.

P.S: If you guys can recommend me any information online I would
appreciate it. I tried to read everything I found, but for some reason I
still don't feel quite.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.
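
An rsyslog configuration covering questions 1, 2 and 2.1 from the thread, added here as an example and not written by any of the posters. The database names, the `events` table and its columns, the account name and the password are assumptions; the directives are standard RainerScript and ommysql parameters.

```rsyslog
# Added example. Assumed (hypothetical) names: databases squidlogs and
# maillogs, each with a table events(received_at, host, program, message),
# and a MySQL account rsyslog_writer granted INSERT only on those tables.
module(load="ommysql")

# Question 2.1: one column per syslog property instead of one text line.
# option.sql="on" makes rsyslog escape quotes in property values, so text
# inside a log message cannot break out of the INSERT statement.
template(name="FieldRow" type="list" option.sql="on") {
    constant(value="INSERT INTO events (received_at, host, program, message) VALUES ('")
    property(name="timegenerated" dateFormat="mysql")
    constant(value="', '")
    property(name="hostname")
    constant(value="', '")
    property(name="programname")
    constant(value="', '")
    property(name="msg")
    constant(value="')")
}

# Question 2: one database per application, selected with if statements.
if $programname == 'squid' then {
    action(type="ommysql" server="127.0.0.1" db="squidlogs"
           uid="rsyslog_writer" pwd="CHANGE_ME" template="FieldRow")
    stop
}

# Postfix daemons tag their messages postfix/smtpd, postfix/qmgr, ...;
# startswith matches whether or not the slash is kept in programname.
if $programname startswith 'postfix' then {
    action(type="ommysql" server="127.0.0.1" db="maillogs"
           uid="rsyslog_writer" pwd="CHANGE_ME" template="FieldRow")
    stop
}
```

Each row still holds one syslog event, so an application that spreads one record over several lines needs those lines combined before they reach these actions.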

