Thanks David. It helped (sadly it arrived 2 hours late :P)
I'm now dealing setting a variable with timestamp:::date-rfc5424 format.
El 01/12/16 a las 15:57, Dave Caplinger escribió:
Try:
set $!data!foo = $programname;
As far as I know, rainerscript can't inject variables/properties into string
literals directly; so if you really want to use string concatenation do this:
set $!data!foo = "this_might_work_better_" & $programname;
If you want to get any more complex than that, you can use a template and exec
it:
template(name="s_my_programname" type="string" string="%$programname%")
set $!data!foo = exec_template("s_my_hostname");
(but you could make the template much more complex, such as stringing multiple
things together, adding delimiters, etc.)
Hope one of these helps,
--
Dave Caplinger
Director, Technical Product Management
On Dec 1, 2016, at 8:28 AM, mosto...@gmail.com<mailto:mosto...@gmail.com> wrote:
After meal, as usually happens, those quotes sparkled. Doesn't rsyslog
conf grammar allows that neither?
/(eg: set $!data!foo="this_doesnt_seem_to_work_$programname";)/
El 01/12/16 a las 14:57, mosto...@gmail.com<mailto:mosto...@gmail.com> escribió:
This worked, but I have lost 2 hours and still don't see where's the evil.
Works:
module(load="omrelp")
ruleset(name="relp") {
set $!data!group=field($programname,47,1);
set $!data!msg=$msg;
action(
action.reportSuspension="on"
action.resumeRetryCount="-1"
port="20514"
queue.maxdiskspace="5M"
queue.SaveOnShutdown="on"
queue.type="LinkedList"
target="server"
template="RSYSLOG_DebugFormat"
type="omrelp"
)
}
Doesn't work
module(load="omrelp")
ruleset(name="relp") {
set $!data!foo="$programname"; <----------------just added
this! (Line 17)
set $!data!group=field($programname,47,1);
set $!data!msg=$msg;
action(
action.reportSuspension="on"
action.resumeRetryCount="-1"
port="20514"
queue.maxdiskspace="5M"
queue.SaveOnShutdown="on"
queue.type="LinkedList"
target="server"
template="RSYSLOG_DebugFormat"
type="omrelp"
)
}
Rsyslog complains with:
rsyslogd: error during parsing file /etc/rsyslog.conf, on or before
line 17: invalid character '"' in expression - is there an invalid
escape sequence somewhere? [v8.23.0 try http://www.rsyslog.com/e/2207 ]
El 01/12/16 a las 11:14, Rainer Gerhards escribió:
maybe the complete debug log would also help (not sure).
Rainer
2016-12-01 11:12 GMT+01:00 David Lang<da...@lang.hm<mailto:da...@lang.hm>>:
no, we need to see the contents of programname (the RSYSLOG_DebugFormat will
show this.
David Lang
k
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Followhttps://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T
LIKE THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Followhttps://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
Confidentiality Notice: The content of this communication, along with any
attachments, is covered by federal and state law governing electronic
communications and may contain confidential and legally privileged information.
If the reader of this message is not the intended recipient, you are hereby
notified that any dissemination, distribution, use or copying of the
information contained herein is strictly prohibited. If you have received this
communication in error, please immediately contact us by telephone at
402.361.3000 or e-mail secur...@solutionary.com.
Copyright 2000-2016 NTT Security (US) Inc., a wholly-owned subsidiary of NTT
Group. All rights reserved. ActiveGuard and Solutionary are registered
trademarks and NTT Security is a trademark of NTT Security (US) Inc.
Solutionary, the ActiveGuard logo icon, and the Solutionary logo icon are
registered service marks of NTT Security (US) Inc.
Confidentiality Notice: The content of this communication, along with any
attachments, is covered by federal and state law governing electronic
communications and may contain confidential and legally privileged information.
If the reader of this message is not the intended recipient, you are hereby
notified that any dissemination, distribution, use or copying of the
information contained herein is strictly prohibited. If you have received this
communication in error, please immediately contact us by telephone at
402.361.3000 or e-mail secur...@solutionary.com.
Copyright 2000-2016 NTT Security (US) Inc., a wholly-owned subsidiary of NTT
Group. All rights reserved. ActiveGuard and Solutionary are registered
trademarks and NTT Security is a trademark of NTT Security (US) Inc.
Solutionary, the ActiveGuard logo icon, and the Solutionary logo icon are
registered service marks of NTT Security (US) Inc.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
