Hi, It seems that the primary purpose of omelasticsearch is to send logs to elesticsearch rest, running on http or https, thus using tcp. It's not intended to use udp.
https://www.rsyslog.com/doc/v8-stable/configuration/modules/omelasticsearch.html But I might be wrong... Flo On Mon, Nov 12, 2018 at 3:12 PM sophie.loewenthal--- via rsyslog < [email protected]> wrote: > > I thought this could work, but nope: > > protocol="tcp" / protocol="udp" > > > rsyslogd: error during parsing file /etc/rsyslog.conf, on or before line > 70: parameter 'protocol' not known -- typo in config file? [v8.24.0 try > http://www.rsyslog.com/e/2207 ] > > > > -----Original Message----- > > From: rsyslog [mailto:[email protected]] On Behalf Of > > sophie.loewenthal--- via rsyslog > > Sent: Monday, November 12, 2018 2:44 PM > > To: rsyslog-users > > Cc: LOEWENTHAL Sophie > > Subject: [rsyslog] Ruleset : send to server over UDP instead of TCP > > > > Hi, > > > > Will this rule send the messages to the server over UDP or TCP? I would > like this > > to be UDP. > > > > # RuleSet > > *.info { action (type="omelasticsearch" > > server="el8" > > serverport="10514" > > searchIndex="unix" > > bulkmode="on" > > template="ElasticSearchTemplate" > > name="el8-514-out" > > queue.size="1024000" > > queue.filename="el8-10514.queue" > > queue.spoolDirectory="/soft/rsyslog/queues" > > queue.maxdiskspace="512m" > > queue.type="FixedArray" > > queue.maxfilesize="20m" > > queue.saveonshutdown="on" > > queue.discardseverity="6" > > Action.ResumeInterval="1" > > Action.ResumeRetryCount="-1" > > ) > > } > > > > This page gives examples in the old format, but not for the new format: > > https://www.rsyslog.com/doc/v8-stable/configuration/actions.html > > > > Best wishes, > > Sophie > > > > This message and any attachments (the "message") is > > intended solely for the intended addressees and is confidential. > > If you receive this message in error,or are not the intended > recipient(s), > > please delete it and any copies from your systems and immediately notify > > the sender. Any unauthorized view, use that does not comply with its > purpose, > > dissemination or disclosure, either whole or partial, is prohibited. > Since the > > internet > > cannot guarantee the integrity of this message which may not be > reliable, BNP > > PARIBAS > > (and its subsidiaries) shall not be liable for the message if modified, > changed or > > falsified. > > Do not print this message unless it is necessary, consider the > environment. > > > > > -------------------------------------------------------------------------------------------------- > > -------------------------------- > > > > Ce message et toutes les pieces jointes (ci-apres le "message") > > sont etablis a l'intention exclusive de ses destinataires et sont > confidentiels. > > Si vous recevez ce message par erreur ou s'il ne vous est pas destine, > > merci de le detruire ainsi que toute copie de votre systeme et d'en > avertir > > immediatement l'expediteur. Toute lecture non autorisee, toute > utilisation de > > ce message qui n'est pas conforme a sa destination, toute diffusion ou > toute > > publication, totale ou partielle, est interdite. L'Internet ne > permettant pas > > d'assurer > > l'integrite de ce message electronique susceptible d'alteration, BNP > Paribas > > (et ses filiales) decline(nt) toute responsabilite au titre de ce > message dans > > l'hypothese > > ou il aurait ete modifie, deforme ou falsifie. > > N'imprimez ce message que si necessaire, pensez a l'environnement. > > > > _______________________________________________ > > rsyslog mailing list > > http://lists.adiscon.net/mailman/listinfo/rsyslog > > http://www.rsyslog.com/professional-services/ > > What's up with rsyslog? Follow https://twitter.com/rgerhards > > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad > of > > sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T > > LIKE THAT. > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com/professional-services/ > What's up with rsyslog? Follow https://twitter.com/rgerhards > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > DON'T LIKE THAT. > _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
