I'm playing with the new template syntax today and for the most part
am having a lot of success. The one thing I find a bit confusing
still is working with the new subtree template types. Given a subtree
that simply includes all properties:
template(name="normalizeTest" type="subtree" subtree="$
Oops,hit return too quickly...
> >If I need more than one
> > field (Positions 3, 5 and 6), I just need to do something like
> > %msg:F:3:5:6%?
%msg:F:3%%msg:F:5%%msg:F:6%
Rainer
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
> -Original Message-
> From: rsyslog-boun...@lists.adiscon.com [mailto:rsyslog-
> boun...@lists.adiscon.com] On Behalf Of Flavio Oliveira
> Sent: Tuesday, October 30, 2012 4:26 PM
> To: rsyslog@lists.adiscon.com
> Subject: Re: [rsyslog] Parsing msg
>
>
> David,
>
> Thank you for replyi
Looks right to me. :-)
/Martin
From: Rainer Gerhards
To: rsyslog-users ,
Date: 2012-10-30 16:32
Subject:Re: [rsyslog] Patch for imzmq3
Sent by:rsyslog-boun...@lists.adiscon.com
Thanks everyone. I have merged the patch:
http://git.adiscon.com/?p=rsyslog.git;a=commit
Hi all,
this release introduced a totally new rate-limiting system for all modules as
well as much better "last message repeated n times" handling. For details,
please see Rainer's blog at
http://blog.gerhards.net/2012/10/rate-limiting-in-rsyslog-732.html
Besides this feature, the version als
Thanks everyone. I have merged the patch:
http://git.adiscon.com/?p=rsyslog.git;a=commitdiff;h=2492552dc8b320e299a51241c5960c0bef67ed1f
@Martin: it would be great if you could check out this commit. The patch was a
bit mangled by the mailer, so I manually applied it. As I can't even
compile-tes
David,
Thank you for replying.
I tried the "F" operation ... but it didn't work properly. I am using "rsyslogd
6.3.0".
I've specified the position 3 (%msg:F:3%), but it always give me the first
field and the second one.
This feature is available from which version? If I need more than one
Patch looks good to us - Thank you!
Brian
On Tue, Oct 30, 2012 at 11:14 AM, Brian Knox wrote:
> Eyeballing it it looks good to me as well. Let me run it by Dave real
> quick and I'll get back to the list!
>
> Brian
>
> On Tue, Oct 30, 2012 at 10:27 AM, Rainer Gerhards
> wrote:
>> Brian,
>>
>>
Eyeballing it it looks good to me as well. Let me run it by Dave real
quick and I'll get back to the list!
Brian
On Tue, Oct 30, 2012 at 10:27 AM, Rainer Gerhards
wrote:
> Brian,
>
> any thought's. From brief look (and without zmq knowledge), this looks pretty
> good to me ;)
>
> Rainer
>
>> -
> -Original Message-
> From: rsyslog-boun...@lists.adiscon.com [mailto:rsyslog-
> boun...@lists.adiscon.com] On Behalf Of Milan Bartos
> Sent: Tuesday, October 30, 2012 10:59 AM
> To: rsyslog-users
> Subject: [rsyslog] $PreserveFQDN with imuxsock on rsyslog v7.2.1?
>
> Hi,
>
> I've a litt
> -Original Message-
> From: rsyslog-boun...@lists.adiscon.com [mailto:rsyslog-
> boun...@lists.adiscon.com] On Behalf Of Martin Nilsson
> Sent: Tuesday, October 30, 2012 3:13 PM
> To: rsyslog@lists.adiscon.com
> Subject: [rsyslog] rsyslog kill signals?
>
> Hi,
>
> I'm a bit confused ab
Brian,
any thought's. From brief look (and without zmq knowledge), this looks pretty
good to me ;)
Rainer
> -Original Message-
> From: rsyslog-boun...@lists.adiscon.com [mailto:rsyslog-
> boun...@lists.adiscon.com] On Behalf Of Martin Nilsson
> Sent: Tuesday, October 30, 2012 3:22 PM
>
Hi,
I've been trying to setup imzmq3 with a PULL socket type, however rsyslog
would segault when I tried it. This patch solved the issue for me:
diff -ru rsyslog-7.2.0.orig/plugins/imzmq3/imzmq3.c
rsyslog-7.2.0/plugins/imzmq3/imzmq3.c
--- rsyslog-7.2.0.orig/plugins/imzmq3/imzmq3.c 2012-10-26
Hi,
I'm a bit confused about the kill signals in rsyslog 7.2.1. In the manual
says "TERM , INT, QUIT Rsyslogd will die." However, it seems that only
QUIT actually works, which confuses the init scripts, at least in CentOS
6.3, eventually leading to the init script doing kill -9, which is bad.
On Tue, Oct 30, 2012 at 1:17 PM, Radu Gheorghe wrote:
> 2012/10/30 C. L. Martinez :
>> On Tue, Oct 30, 2012 at 12:08 PM, Radu Gheorghe
>> wrote:
>>> Hi,
>>>
>>> I think you have to use:
>>>
>>> startswith ' #'
>>>
>>> instead of:
>>>
>>> contains '#'
>>>
>>> Please note the starting space. Take
2012/10/30 C. L. Martinez :
> On Tue, Oct 30, 2012 at 12:08 PM, Radu Gheorghe
> wrote:
>> Hi,
>>
>> I think you have to use:
>>
>> startswith ' #'
>>
>> instead of:
>>
>> contains '#'
>>
>> Please note the starting space. Take a look here for some details:
>> https://bugs.launchpad.net/ubuntu/+so
On Tue, 30 Oct 2012, Flavio Oliveira wrote:
Hi,
I know that Rsyslog supports Regex however I think it only supports
compare-operations.
I would like to parse the received MSG and only send specific fields to another
Rsyslog Server. Is it possible?
Ex.: request123000
On Tue, Oct 30, 2012 at 12:08 PM, Radu Gheorghe wrote:
> Hi,
>
> I think you have to use:
>
> startswith ' #'
>
> instead of:
>
> contains '#'
>
> Please note the starting space. Take a look here for some details:
> https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/479592
>
> Best regards,
>
Hi,
I think you have to use:
startswith ' #'
instead of:
contains '#'
Please note the starting space. Take a look here for some details:
https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/479592
Best regards,
Radu
2012/10/30 C. L. Martinez :
> Hi all,
>
> I need to discard some messages
Hi all,
I need to discard some messages sent by some rsyslog servers that
starts with "#" at the beginning. I am trying to do something like
this:
if $programname == 'test' or $programname == 'test2' and not $msg
contains '#' then @@1.1.1.1:514
Does this filter would work?
I am using rsyslog
Oh fantastic! I didn't realize the template documentation had been
updated - thank you.
Today will be fun.
Brian
On Tue, Oct 30, 2012 at 7:38 AM, Rainer Gerhards
wrote:
>> -Original Message-
>> From: Brian Knox [mailto:bri...@talksum.com]
>> Sent: Tuesday, October 30, 2012 12:38 PM
>>
> -Original Message-
> From: Brian Knox [mailto:bri...@talksum.com]
> Sent: Tuesday, October 30, 2012 12:38 PM
> To: Rainer Gerhards
> Cc: rsyslog-users
> Subject: Re: [rsyslog] ruleset() {} and call
>
> So the next thing I'd like to dive into in the new build is the new
> template creatio
So the next thing I'd like to dive into in the new build is the new
template creation. I remember there being some discussion on the new
features - but if anyone has a quick pointer to mail archives of those
discussions or some documentation that would be great. In the
meantime I'll poke around a
Hi,
I've a little lack of understanding of $PreserveFQDN directive. It's set to
"on", but FQDN is preserved only in messages from rsyslog itself, not from
imuxsock (don't know about messages from other modules):
Oct 30 08:47:46 localhost.localdomain rsyslogd: [origin software="rsyslogd"
swVers
David
Thanks for the reply.
> I would have the solaris box send it's logs to the centos box and then have
> the
> centos box put the logs in the database.
What a fantastic idea! That seems to be working just fine.
Sometimes it's hard to see the wood for the trees.
Thanks a lot!
ian
___
Hi,
I know that Rsyslog supports Regex however I think it only supports
compare-operations.
I would like to parse the received MSG and only send specific fields to another
Rsyslog Server. Is it possible?
Ex.: request123urlagent5
In the message
On Tue, 30 Oct 2012, Ian wrote:
Hi
I'm a comparative rsyslog novice but I want to log data from Solaris 10 rsyslog
client into a mysql database on CentOS rsyslog server.
It looks like I can't use ommysql on Solaris. Can I use omrel?
If not do I have other options?
I would have the solaris b
Hi
I'm a comparative rsyslog novice but I want to log data from Solaris 10 rsyslog
client into a mysql database on CentOS rsyslog server.
It looks like I can't use ommysql on Solaris. Can I use omrel?
If not do I have other options?
Thanks
Ian
___
rs
28 matches
Mail list logo
