Whoops, don't mind me, I re-read your post and see I missed escaping the \d+
On Thu, Sep 17, 2015 at 4:26 PM, Orangepeel Beef
wrote:
> Hmm, I think it still isn't working
>
> if re_match($fromhost-ip, '^1\\.1\\.195\\.\d+') then {
>
>
> rsyslogd: version
nd if . is matching
like a regex . it could get all kinds of false matches.
On Thu, Sep 17, 2015 at 12:31 AM, Rainer Gerhards
wrote:
> 2015-09-17 9:24 GMT+02:00 Orangepeel Beef :
> > Aha! Thanks. I actually tried to use the escaping tool on the rsyslog
> > website but just ende
> HTH
> Rainer
>
> 2015-09-17 4:20 GMT+02:00 Orangepeel Beef :
> > A while back I asked a question and got a working response on how to do
> > else if in the rsyslog.conf
> >
> > http://www.gossamer-threads.com/lists/rsyslog/users/9909
> >
> >
A while back I asked a question and got a working response on how to do
else if in the rsyslog.conf
http://www.gossamer-threads.com/lists/rsyslog/users/9909
I'm trying to do something very similar again, but it's not working as I'd
expect it to.
if re_match($fromhost-ip, '1\.2\.\d+\.\d+') the
That is correct, this definitely breaks integration with upstream. I have
worked around it by creating a dummy package with equivs, but this should
really be corrected in the PPA.
On Mon, Aug 18, 2014 at 11:03 AM, Nathan Stratton Treadway <
nathanst+rsyslog-us...@ontko.com> wrote:
> On Mon, Aug
Guess I will need to make a dummy package for rsyslog-gnutls as I am
required to install it...
On Mon, Aug 18, 2014 at 7:18 AM, Rainer Gerhards
wrote:
> I took the liberty to open a bug tracker:
>
> https://github.com/rsyslog/rsyslog-pkg-ubuntu/issues/12
>
> Rainer
>
>
> On Mon, Aug 18, 2014 at
, David Lang wrote:
> I believe that the rsyslog-gnutls package is not needed any longer (or
> that may be in v8) as the functionality is in the base package.
>
> try removing the -gnutls package and see if that solves it
>
> David Lang
>
> On Thu, 14 Aug 2014, Orangepeel Be
, which is also in
package rsyslog 8.2.0-0adiscon1precise4
On Thu, Aug 14, 2014 at 5:25 PM, Orangepeel Beef
wrote:
> ubuntu precise packages are conflicting with each other. Cannot install
> rsyslog-gnutls.
>
> The following NEW packages will be installed:
> rsyslog-gnu
ubuntu precise packages are conflicting with each other. Cannot install
rsyslog-gnutls.
The following NEW packages will be installed:
rsyslog-gnutls
0 upgraded, 1 newly installed, 0 to remove and 62 not upgraded.
Need to get 0 B/29.9 kB of archives.
After this operation, 81.9 kB of additional d
There are a ton of headaches associated with directly logging to
elasticsearch as well.
How do you reindex if an index crashes if you are not storing your logs
somewhere else as an intermediary? ES crashes indexes if it runs out of
memory, or disk space, and they crash hard. I've rebuilt indexes
local or from other hosts. I will try that and see how it
> goes.
>
>
>
> -Original Message-
> From: rsyslog-boun...@lists.adiscon.com [mailto:
> rsyslog-boun...@lists.adiscon.com] On Behalf Of Orangepeel Beef
> Sent: Wednesday, May 14, 2014 2:33 PM
> To: rsyslog-users
>
>
>
>
>
> -Original Message-
> From: rsyslog-boun...@lists.adiscon.com [mailto:
> rsyslog-boun...@lists.adiscon.com] On Behalf Of Orangepeel Beef
> Sent: Wednesday, May 14, 2014 12:25 PM
> To: rsyslog-users
> Subject: Re: [rsyslog] Rsyslog w/ logstash-elastics
L the logs. You may need
to adjust your positioning, but that should work.
On Wed, May 14, 2014 at 12:21 PM, Orangepeel Beef
wrote:
> if $fromhost-ip !='127.0.0.1' then {
> action(name="PerHostFile" type="omfile" dynafile="RemoteHost"
> DynaFileCa
ted, but that broke some things. It stopped my
> other template action to send the logs to elasticsearch. (From there Kibana
> sees the logs)
>
> Here is a snippet from my config.
> http://pastebin.com/2W4g6nUS
>
>
>
> -Original Message-
> From: rsyslog-boun...
t a 404 "this is not the page you are looking
> for" with a cute star wars themed character.
>
>
>
> -Original Message-
> From: rsyslog-boun...@lists.adiscon.com [mailto:
> rsyslog-boun...@lists.adiscon.com] On Behalf Of Orangepeel Beef
> Sent: Wednesday, May
iginal Message-
> From: rsyslog-boun...@lists.adiscon.com [mailto:
> rsyslog-boun...@lists.adiscon.com] On Behalf Of Orangepeel Beef
> Sent: Wednesday, May 14, 2014 10:52 AM
> To: rsyslog-users
> Subject: Re: [rsyslog] Rsyslog w/ logstash-elasticsearch-kibana server
>
> A
Add the word 'stop' on the next line.
On Wed, May 14, 2014 at 10:21 AM, Josh Bitto wrote:
> Hey David,
>
> I had a question for you and anyone else that knows the answer to.
> Currently I'm running the omfile you suggested on my development server and
> I'm noticing that the code is working,
what does your /var/log/elasticsearch/cluster_name.log have to say for
itself?
On Tue, Apr 29, 2014 at 3:26 PM, Josh Bitto wrote:
> Ok so after everyone's input I decided to go with
> Rsyslog->Elasticsearch->Kibana setup.
>
> So I'm running CentOS 6.5 with apache. On a virtualbox machine.
> Rsy
from anywhere.
Personally I'd use lumberjack for that though so it's all encrypted.
On Apr 8, 2014 11:17 AM, "Orangepeel Beef" wrote:
> it works, but I find it overly complex for my environment. read: I don't
> need it ;)
> On Apr 8, 2014 11:13 AM, "Josh Bitto"
.@lists.adiscon.com [mailto:
> rsyslog-boun...@lists.adiscon.com] On Behalf Of Orangepeel Beef
> Sent: Tuesday, April 08, 2014 11:11 AM
> To: rsyslog-users
> Subject: Re: [rsyslog] Rsyslog w/ logstash-elasticsearch-kibana server
>
> I use rsyslog to pipe into sec, and then use logstash
I use rsyslog to pipe into sec, and then use logstash file input to index.
Could be done without SEC as well. I don't like delivering syslog right
into logstash.
On Apr 8, 2014 11:09 AM, "Sphonic" wrote:
> I use rsyslog to send all items to logstash which has a syslog listener
> enabled.
>
> Sen
I'm a network engineer and we use rsyslog as our centralized syslog
server. We collect logs not only from systems but tons of networking
gear. After rsyslog gets it we send it into SEC for alerting, then
logstash for indexing. Anyone who says syslog is dead is definitely not a
networking person.
precise the files are there, but in quantal there is no libestr0 for
v7-devel
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerh
Hey guys, trying to get a template working that is basically
RSYSLOG_FileFormat with the only difference being that hostname is
replaced with %fromhost% in the log message.
The template and property replacer doc page isn't exactly clear to me, can
anyone point me in the right direction?
hards
wrote:
> On Fri, Jun 28, 2013 at 4:39 AM, David Lang wrote:
>
> > On Thu, 27 Jun 2013, Orangepeel Beef wrote:
> >
> > Can you do elsif or else if blocks in rainerscript?
> >>
> >> I haven't seen it in the documentation, but from a com
yeah and of course they changed the syntax recently :)
http://www.rsyslog.com/doc/omprog.html
On Thu, Jun 27, 2013 at 8:42 AM, Risto Vaarandi wrote:
> hi all,
> today, sec-2.7.4 was released, and for the new version there is also a FAQ
> entry on rsyslog integration: http://simple-evcorr.**
>
Can you do elsif or else if blocks in rainerscript?
currently using:
if re_match($fromhost,'^lb.*') then {
*.* action(type="omprog" binary="/usr/local/sbin/sec_netscaler"
template="RSYSLOG_TraditionalFileFormat")
}
if re_match($fromhost,'^(as|cs|r).*') then {
*.* action(type="omprog
omprog.html>
>>>
>>
> the new style format should work
>
> action(type="omprog"
> binary="/pathto/omprog.py --parm1=\"value 1\" --parm2=value2"
> template="RSYSLOG_TraditionalFileFormat")
>
>
>
That seems to have done the trick. Is the version that allows parameters
in the devel ubuntu package yet?
On Wed, Jun 26, 2013 at 10:23 PM, Rainer Gerhards
wrote:
> On Thu, Jun 27, 2013 at 5:23 AM, Orangepeel Beef
> wrote:
>
> > So I got rsyslogv7 installed finally and workin
So I got rsyslogv7 installed finally and working, the re_match filters are
working, but it does not seem that the omprog script ever actually executes
even though it receives a child pid, it immediately dies. No output ever
makes it to logs. I even tried a script that just echo'd text to a file in
et when I try.
>
> Rejected:
> natty is obsolete and will not accept new uploads.
>
>
> On Wed, Jun 19, 2013 at 8:36 PM, Orangepeel Beef
> wrote:
>
> > On Wed, Jun 19, 2013 at 4:59 PM, David Lang wrote:
> >
> > > On Wed, 19 Jun 2013, Orangepeel Beef wrote:
>
On Wed, Jun 19, 2013 at 4:59 PM, David Lang wrote:
> On Wed, 19 Jun 2013, Orangepeel Beef wrote:
>
> I am working on a similar problem. Trying to get rsyslog to output to SEC
>> based on hostname regexes. I posted on the forum about this issue.
>> http://kb.monitorware
I am working on a similar problem. Trying to get rsyslog to output to SEC
based on hostname regexes. I posted on the forum about this issue.
http://kb.monitorware.com/post23524.html
Rainer responded and said it looked like too old of a version. Anyone know
what version I need to get this up and