On Thu, 11 Jun 2015, Muhammad Asif wrote:

1- I have installed mmjsonparse, mmnormalize, omelasticsearch by the following
command.
sudo apt-get install rsyslog-mmjsonparse rsyslog-omelasticsearch rsyslog-mmnormalize
Do I still need to compile rsyslog as ./configure --prefix=/usr
--enable-imtcp --enable-mmjsonparse --enable-ommongodb, or not?

You shouldn't mix a self-compiled version with distro packages; do one or the other.

Do you need mongodb? You don't mention it anywhere else. If you need mmnormalize, omelasticsearch, and other things, you would need to include them as well.


2- You mean the following set of instructions will help me. Things on the left side
are items in the log and things on the right side are fields in elasticsearch
against which these values will be saved. Am I on the right track?

The variable name is what will show up as the fieldname in elasticsearch; you are setting the variable equal to the value on the right.

But you are saying elasticsearch, but invoking mongodb. Which are you trying to do?

You also don't show us the definition of the template that you are using.

David Lang

ruleset(name="mongodb") {
       action(type="mmjsonparse")
       if $parsesuccess == "OK" then {     # How this condition will be OK, mean what will be checked.
               set $!time = $timestamp;
               set $!sys = $hostname;
               set $!procid = $syslogtag;
               set $!syslog_fac = $syslogfacility;
               set $!syslog_sever = $syslogpriority;
               set $!pid = $procid;
               action(type="ommongodb" server="127.0.0.1" db="logs"
collection="syslog" template="mongodball")
               }
       }
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.
