Thanks David. It helped (sadly it arrived 2 hours late :P)
I'm now dealing setting a variable with timestamp:::date-rfc5424 format. El 01/12/16 a las 15:57, Dave Caplinger escribió:
Try: set $!data!foo = $programname; As far as I know, rainerscript can't inject variables/properties into string literals directly; so if you really want to use string concatenation do this: set $!data!foo = "this_might_work_better_" & $programname; If you want to get any more complex than that, you can use a template and exec it: template(name="s_my_programname" type="string" string="%$programname%") set $!data!foo = exec_template("s_my_hostname"); (but you could make the template much more complex, such as stringing multiple things together, adding delimiters, etc.) Hope one of these helps, -- Dave Caplinger Director, Technical Product Management On Dec 1, 2016, at 8:28 AM, mosto...@gmail.com<mailto:mosto...@gmail.com> wrote: After meal, as usually happens, those quotes sparkled. Doesn't rsyslog conf grammar allows that neither? /(eg: set $!data!foo="this_doesnt_seem_to_work_$programname";)/ El 01/12/16 a las 14:57, mosto...@gmail.com<mailto:mosto...@gmail.com> escribió: This worked, but I have lost 2 hours and still don't see where's the evil. Works: module(load="omrelp") ruleset(name="relp") { set $!data!group=field($programname,47,1); set $!data!msg=$msg; action( action.reportSuspension="on" action.resumeRetryCount="-1" port="20514" queue.maxdiskspace="5M" queue.SaveOnShutdown="on" queue.type="LinkedList" target="server" template="RSYSLOG_DebugFormat" type="omrelp" ) } Doesn't work module(load="omrelp") ruleset(name="relp") { set $!data!foo="$programname"; <----------------just added this! (Line 17) set $!data!group=field($programname,47,1); set $!data!msg=$msg; action( action.reportSuspension="on" action.resumeRetryCount="-1" port="20514" queue.maxdiskspace="5M" queue.SaveOnShutdown="on" queue.type="LinkedList" target="server" template="RSYSLOG_DebugFormat" type="omrelp" ) } Rsyslog complains with: rsyslogd: error during parsing file /etc/rsyslog.conf, on or before line 17: invalid character '"' in expression - is there an invalid escape sequence somewhere? [v8.23.0 try http://www.rsyslog.com/e/2207 ] El 01/12/16 a las 11:14, Rainer Gerhards escribió: maybe the complete debug log would also help (not sure). Rainer 2016-12-01 11:12 GMT+01:00 David Lang<da...@lang.hm<mailto:da...@lang.hm>>: no, we need to see the contents of programname (the RSYSLOG_DebugFormat will show this. David Lang k _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Followhttps://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT. _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Followhttps://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT. _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT. Confidentiality Notice: The content of this communication, along with any attachments, is covered by federal and state law governing electronic communications and may contain confidential and legally privileged information. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution, use or copying of the information contained herein is strictly prohibited. If you have received this communication in error, please immediately contact us by telephone at 402.361.3000 or e-mail secur...@solutionary.com. Copyright 2000-2016 NTT Security (US) Inc., a wholly-owned subsidiary of NTT Group. All rights reserved. ActiveGuard and Solutionary are registered trademarks and NTT Security is a trademark of NTT Security (US) Inc. Solutionary, the ActiveGuard logo icon, and the Solutionary logo icon are registered service marks of NTT Security (US) Inc. Confidentiality Notice: The content of this communication, along with any attachments, is covered by federal and state law governing electronic communications and may contain confidential and legally privileged information. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution, use or copying of the information contained herein is strictly prohibited. If you have received this communication in error, please immediately contact us by telephone at 402.361.3000 or e-mail secur...@solutionary.com. Copyright 2000-2016 NTT Security (US) Inc., a wholly-owned subsidiary of NTT Group. All rights reserved. ActiveGuard and Solutionary are registered trademarks and NTT Security is a trademark of NTT Security (US) Inc. Solutionary, the ActiveGuard logo icon, and the Solutionary logo icon are registered service marks of NTT Security (US) Inc. _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
_______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.