On Fri, 11 Mar 2016, Joan wrote:
I have some files generated by java and written into logfiles by log4j that
I want to stream to graylog, I'd rather choose syslog with rfc5424 if
possible.
The files are like this
------------------------------------------------------------------
2016-03-10 07:01:09,778 INFO [taskname] long description 1
2016-03-10 07:01:09,784 DEBUG [taskname] long description 2
------------------------------------------------------------------
Currently I am using imfile to forward the logs and its working quite nicely
------------------------------------------------------------------
module(load="imfile"
mode="inotify"
)
input(type="imfile"
File="/opt/project/log/*.log"
Tag="taskproject:"
Facility="local3"
)
#Make data available on server reboot
$ActionQueueFileName reenviador
$ActionResumeRetryCount -1
$ActionQueueSaveOnShutdown on
#Proper microsecond format
local3.* @@192.168.1.136:514;RSYSLOG_SyslogProtocol23Format
------------------------------------------------------------------
The only issue, is that I'd like to have the severity set into the
forwarded logs and stripped from the log being sent, I've had a look into
mmnormalize, but I'm not sure it applies to the syslog format (I've seen
mostly json related examples)
There's not an easy way to do this.
You could use mmnormalize to parse the fields and then either a series of if
statements or a table lookup to convert the string to a number, and then do
calculations to compute the new PRI value and use that value in a custom
template when you forward the message.
David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
