Oh, right, that’s just the kafka config, which lives in rsyslog.d. Here’s the main conf:
# /etc/rsyslog.conf Configuration file for rsyslog.
#
# For more information see
# /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html

#################
#### MODULES ####
#################

module(load="imuxsock") # provides support for local system logging
module(load="imklog") # provides kernel logging support
#module(load="immark") # provides --MARK-- message capability

# provides UDP syslog reception
#module(load="imudp")
#input(type="imudp" port="514")

# provides TCP syslog reception
#module(load="imtcp")
#input(type="imtcp" port="514")

###########################
#### GLOBAL DIRECTIVES ####
###########################

#
# Use traditional timestamp format.
# To enable high precision timestamps, comment out the following line.
#
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

#
# Set the default permissions for all log files.
#
$FileOwner root
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022

#
# Where to place spool and state files
#
$WorkDirectory /var/spool/rsyslog

#
# Include all config files in /etc/rsyslog.d/
#
$IncludeConfig /etc/rsyslog.d/*.conf

###############
#### RULES ####
###############

#
# First some standard log files. Log by facility.
#
auth,authpriv.* /var/log/auth.log
*.*;auth,authpriv.none -/var/log/syslog
#cron.* /var/log/cron.log
daemon.* -/var/log/daemon.log
kern.* -/var/log/kern.log
lpr.* -/var/log/lpr.log
mail.* -/var/log/mail.log
user.* -/var/log/user.log

#
# Logging for the mail system. Split it up so that
# it is easy to write scripts to parse these files.
#
mail.info -/var/log/mail.info
mail.warn -/var/log/mail.warn
mail.err /var/log/mail.err

#
# Some "catch-all" log files.
#
*.=debug;\
 auth,authpriv.none;\
 news.none;mail.none -/var/log/debug
*.=info;*.=notice;*.=warn;\
 auth,authpriv.none;\
 cron,daemon.none;\
 mail,news.none -/var/log/messages

#
# Emergencies are sent to everybody logged in.
#
*.emerg :omusrmsg:*

From: rsyslog <rsyslog-boun...@lists.adiscon.com> on behalf of Dan Pritts via rsyslog <rsyslog@lists.adiscon.com>
Reply to: rsyslog-users <rsyslog@lists.adiscon.com>
Date: Friday, 24 January 2020 at 17:26
To: rsyslog-users <rsyslog@lists.adiscon.com>
Cc: Dan Pritts <da...@umich.edu>
Subject: Re: [rsyslog] Modify Logs with different word in a log string

I'm not entirely sure what you mean, but based on your configuration...

rsyslog is not going to modify the log file it is reading from. If you want to debug locally, use the template in a rule that logs to a file.

Dan Pritts
ICPSR Computing and Network Services

On 24 Jan 2020, at 4:36, Patrick Peter via rsyslog wrote:

> Hello Danno
>
> Thank you for helping, I am able to replace the text I want with configs you suggested.
> But while using within a ruleset, it does not replace in the log file which is being written by the application.
> Could you please help me in sorting this out?
>
> Below is how I am doing it, please correct me. ruleset will have other parameters to send the logs to a target server, but right now I am just trying to make it work locally and later I will mention the target and other parameters.
>
> $template test_template,"%PRI% %timestamp% %programname%%msg:R,ERE,1,FIELD:(.*)text_to_replace/.*--end% text_to_replace_wtih %msg:R,ERE,1,FIELD:.*text_to_replace(.*)--end%\n"
>
> ruleset(name="sendToLocal") {
> :msg, contains, "text_to_replace" stop
> action(type="omfwd" Template="test_template")
> }
>
> input(type="imfile"
> File="/path/to/my/logfile.log"
> maxSubmitAtOnce="2048"
> escapelf="on"
> Tag="Tag_Name"
> startmsg.regex="^[[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]]{2}:[[:digit:]]{2}:[[:digit:]]{2},[[:digit:]]{3} "
> Severity="info"
> Ruleset="sendToLocal")
>
> Thanks & Regards,
> Pat
>
> --
> Sent from: http://rsyslog-users.1305293.n2.nabble.com/
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
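
The suggestion in the reply above (use the template in a rule that logs to a file) as an added example; it is not configuration posted by anyone in the thread. The output path /var/log/replace-debug.log, the word replacement_word and the template() form of the template are assumptions made for illustration.

```rsyslog
# Added example, not from the thread. Path and replacement word are
# assumptions; the input file and tag are the ones from the quoted post.

module(load="imfile")

# Rebuild the message as: text before the match, the new word, text
# after the match. R,ERE,1 returns the first submatch of an extended
# regular expression; FIELD is the no-match mode.
template(name="test_template" type="string"
         string="%PRI% %timestamp% %programname%%msg:R,ERE,1,FIELD:(.*)text_to_replace.*--end%replacement_word%msg:R,ERE,1,FIELD:.*text_to_replace(.*)--end%\n")

ruleset(name="sendToLocal") {
    # No ':msg, contains, "text_to_replace" stop' line ahead of the
    # action: that filter discards every message containing the text,
    # so the messages to be rewritten would never reach the template.

    # omfile writes the rewritten messages to a separate file. The file
    # imfile reads from is left unchanged; only this output shows the
    # replacement.
    action(type="omfile"
           file="/var/log/replace-debug.log"
           template="test_template")
}

input(type="imfile"
      File="/path/to/my/logfile.log"
      Tag="Tag_Name"
      Severity="info"
      Ruleset="sendToLocal")
```

Running `rsyslogd -N1` checks the configuration syntax before the service is restarted.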