mit which modified omzmq3 :
http://git.adiscon.com/?p=rsyslog.git;a=commitdiff;h=92e55a8b1b20bedd82a81220a6173bd761f29ddd
The commit updated the README to explicitely tell us we should use czmq
1.3.2. But that looks wrong (missing symbol issue).
Brian, Hongfei: any thoughts on the issue ?
Thanks
Hello James,
You can run your command before launch rsyslog, store it's output in an
environment variable, then access the variable's value using the getenv()
function.
Philippe Muller
On Wed, Jul 3, 2013 at 4:17 PM, Boylan, James wrote:
> Had a quick question for everyone as I
Great. :-)
Philippe Muller
On Wed, Jun 26, 2013 at 9:26 AM, Rainer Gerhards
wrote:
> OK, I now know what's going on. Will post to the bug tracker.
>
>
> On Tue, Jun 25, 2013 at 6:59 PM, Philippe Muller
> wrote:
>
> > Here is the full debug log, using the confi
Here is the full debug log, using the configuration example I gave in my
first e-mail : http://dl.free.fr/oU1IyTMcN
Philippe Muller
On Mon, Jun 24, 2013 at 10:59 AM, Rainer Gerhards
wrote:
> On Fri, Jun 21, 2013 at 10:46 AM, Philippe Muller <
> philippe.mul...@gmail.com
> > w
Are you trying to build the stable or the devel branch ?
If you are building the devel branch, perhaps it depends on librelp devel
branch. I'll let those who know confirm this.
Philippe Muller
On Fri, Jun 21, 2013 at 1:24 PM, wrote:
> Hello Philippe and thanks for the answer but it as
Hello Smana,
You have to first upgrade your librelp version.
=> http://download.rsyslog.com/librelp/librelp-1.1.1.tar.gz
Regards,
Philippe Muller
On Fri, Jun 21, 2013 at 11:20 AM, wrote:
> Hello,
>
> I'm trying to compile rsyslog from git (with relp support) but i'm
Any news on this ?
Thanks.
Philippe Muller
On Wed, Jun 5, 2013 at 4:56 PM, Rainer Gerhards wrote:
> Expect at latest next week some better replies - busy with 7.4...
>
> Sent from phone, thus brief.
> Am 04.06.2013 14:02 schrieb "Philippe Muller" :
>
>
Could it be linked to http://bugzilla.adiscon.com/show_bug.cgi?id=443 ?
Philippe Muller
On Mon, Jun 3, 2013 at 4:41 PM, Philippe Muller
wrote:
> Hello,
>
> I recently noticed that I don't have impstats metrics for my rulesets main
> queues. Counters are always 0.
>
>
Hello,
I recently noticed that I don't have impstats metrics for my rulesets main
queues. Counters are always 0.
So I tested with this configuration snippet :
---
module(load="impstats" interval="1")
ruleset(name="foo" queue.type="LinkedList" queue.size="50") {
action(type="omfwd" proto
n.ResumeInterval="5"
Timeout="5")
That configuration makes rsyslog sends its messages to "collector2" if it
can't establish a RELP session with "collector1".
You can add more "backup" collectors.
Sure its not true load balancing. Bu
You don't have to create the files yourself. rsyslog creates files itself
when it has something to write.
If you use imuxsock, your can generate messages using the "logger" command.
Depending on your configuration, you should see your messages in the debug
file.
Philippe Muller
Same as with other files: the file won't be created if there is nothing to
write into.
Philippe Muller
On Wed, Apr 24, 2013 at 7:07 PM, Josh Bitto wrote:
> When I use the *.* /var/log/debugformat;RSYSLOG_DebugFormat
> Does it log if there is anything to log or does it not fill t
Is there a new style syntax we can use to define the main queue parameters ?
What about global parameters, like "MaxMessageSize", "MaxOpenFiles", etc. ?
Philippe Muller
On Wed, Apr 24, 2013 at 8:17 AM, Rainer Gerhards
wrote:
> On Tue, 2013-04-23 at 19:38 -0700, Erik St
all instead be dropped until the
exceptional state ends. The *zmq_send()* function shall never block for
this socket type."
So, could rsyslog be blocked if something goes "wrong" with the PUB socket?
How?
Thanks!
Philippe Muller
___
You don't need to load builtin modules.
Philippe Muller
On Sun, Apr 21, 2013 at 10:15 PM, John Lyman wrote:
> The configuration sample from http://www.rsyslog.com/doc/omfile.html does
> not work with 7.3.10.
>
> # cat test
> Module (load="builtin:omfile&qu
it should be built with SYSLOG_HISTORY defined. I guess you can do it with
"make -DSYSLOG_HISTORY=1".
Philippe Muller
On Mon, Apr 8, 2013 at 8:02 PM, Josh Bitto wrote:
> I did some searching with google and can't find any adequate information
> on it. Do you happen to k
I finally got time to test your patch. And it works perfectly!
Combined with the previous one, the test case of my first post works as
expected. :-)
If some wants to play with it on rsyslog 7.2.6: http://pastebin.com/Y8T7cYS5
Thanks Rainer !
Philippe Muller
On Fri, Apr 5, 2013 at 6:44 PM
How should I apply it ?
I tested on 7.2.6, 7.3.9 and git master. It always gets rejected.
Philippe Muller
On Thu, Apr 4, 2013 at 4:10 PM, Rainer Gerhards wrote:
> Philippe,
>
> > FYI: can reproduce, and seems to be present in master branch as well.
>
> OK, this was a very we
www.rsyslog.com";] start", json: { "appname_doesnt_starts_with_FOO":
1 }
msg: " foo", json: { "appname_doesnt_starts_with_FOO": 1 }
msg: " FOO-bar", json: { "appname_starts_with_FOO": 1,
"appname_doesnt_match_regexp": 1 }
msg: &quo
h": 0, "match_debug": 0,
"match_eq_debug": 0 }
msg: " test-token", json: { "match": 1, "match_debug": 1, "match_eq_debug":
1 }
So I confirm the patch fixes the results of equality tests on set-able
variables (JSON variables ? not sure
That's great. I'll test it ASAP. :-)
Philippe Muller
On Thu, Apr 4, 2013 at 10:12 AM, Rainer Gerhards
wrote:
> > -Original Message-
> > From: rsyslog-boun...@lists.adiscon.com [mailto:rsyslog-
> > boun...@lists.adiscon.com] On Behalf Of Rainer Gerhards
>From my understanding, yes. But I let Rainer confirms that. :-)
Philippe Muller
On Tue, Apr 2, 2013 at 5:24 PM, Brian Knox wrote:
> Philippe - so specifying any queue parameters in the ruleset definition
> will as a side effect perform the equivalent of a $RulesetCreateMainQueue
&g
Hi Brian,
Yes, you can do it by specifying the parameters inside ruleset(); for
example:
ruleset(name="collectors" queue.type="linkedlist" queue.size="5") { ...
}
Philippe Muller
On Tue, Apr 2, 2013 at 4:09 PM, Brian Knox wrote:
> Is there a way to s
t foo
Result : app-name: "FOO-BAR", msg: " test foo", json: {
"appname_starts_with_FOO": 1, "appname_2nd_field_isnt_BAR": 1,
"appname_doesnt_match_regexp": 1 }
=> Should only have "appname_starts_with_FOO" and
"appname_d
Here is the full debug log : http://pastebin.com/SMtnZNuL
Philippe Muller
On Thu, Mar 28, 2013 at 10:57 PM, Rainer Gerhards
wrote:
> No, should work. Debug log?
>
>
> Sent from phone, thus brief.
>
>
>
> Ursprüngliche Nachricht ----
> Von: Philippe Mul
I guess using set-able variables in if-statement is not supported.
Rainer : can you confirm that ?
Philippe Muller
On Thu, Mar 28, 2013 at 7:18 PM, Philippe Muller
wrote:
> Hi rsyslog users,
>
> I try to define a scheme which gives users a way to chose if messages
> should be writ
ted from
the tag, but none of the tests on $!rsyslog_flag seem to be evaluated
successfully.
I tested the same config without cnum() + testing $!rsyslog_flag with
strings => same results.
Is there something I'm missing regarding nested if statements ?
If that's the expected behavior
That's great !
Will that feature be ported to the 7.2 branch ?
Philippe Muller
On Tue, Mar 26, 2013 at 11:14 AM, Rainer Gerhards
wrote:
> On Mon, 2013-03-25 at 20:30 +0100, Damian Kaczkowski wrote:
> > On 25 March 2013 19:57, Philippe Muller
> wrote:
> >
> > >
:34 PM, Damian Kaczkowski <
damian.kaczkowski+adiscon.li...@gmail.com> wrote:
> Hi Philippe.
>
> On 25 March 2013 15:06, Philippe Muller wrote:
>
> > Did you try the "inputname" property ?
> >
>
> Yes I tried. Unfortunately it resolves to "imudp" s
Did you try the "inputname" property ?
On Sat, Mar 23, 2013 at 1:52 PM, Damian Kaczkowski <
damian.kaczkowski+adiscon.li...@gmail.com> wrote:
> Hi fellow members.
>
> I am rather new to rsyslog and I am struggling with one problem thus
> looking for help. My syslog server listen on about 2000 u
Did you tried to parse your messages using mmnormalize ?
(I know it's still not regexp, but so much lighter ;-)
Philippe Muller
On Wed, Mar 20, 2013 at 11:34 PM, Gary Foster wrote:
> Yeah I already know how to set/unset etc (I'm doing that in other places).
> Fields won&#x
a string delimited by slashes
("/") :
set $!var = field($somevar, 47, 2);
For more information about functions, see
http://www.rsyslog.com/doc/rainerscript.html
Philippe Muller
On Wed, Mar 20, 2013 at 10:36 PM, David Lang wrote:
> Version 7 has added the ability to set variables that y
On Wed, Mar 20, 2013 at 10:44 AM, Rainer Gerhards
wrote:
> On Tue, 2013-03-19 at 19:37 +0100, Philippe Muller wrote:
> > Hi,
> >
> > I try to get a coherent names for programs who send messages to rsyslog.
> > For most messages, $app-name or $programname do the job (I
Hi,
I try to get a coherent names for programs who send messages to rsyslog.
For most messages, $app-name or $programname do the job (I get $syslogtag
without the trailing "[pid]:").
However, $app-name/$programname does not play well with some system
defaults.
For example, on RHEL6 servers, the c
I quickly tested on 7.2.6 using RELP : yes, the default forwarding template
still truncates at 32 chars.
Philippe Muller
On Mon, Mar 18, 2013 at 4:58 PM, Rainer Gerhards
wrote:
> On Mon, 2013-03-18 at 17:00 +0200, ign...@vault13.lt wrote:
> > Hello,
> >
> > I am forwardi
The default template use this:
property(name="syslogtag" position.from="1" position.to="32")
Source: http://www.rsyslog.com/doc/rsyslog_conf_templates.html
Philippe Muller
On Mon, Mar 18, 2013 at 4:15 PM, Philippe Muller
wrote:
> The default forwarding tem
The default forwarding template enforces the RFC tag length limitation. You
use a custom template to prevent the tag truncation :
template(name="ForwardFullTag" type="list") {
constant(value="<")
property(name="PRI")
constant(value="<")
property(name="timestamp" dat
Hello rsyslog-users,
I really like the idea of imuxsock's trusted properties and structured
logging.
However, when using both features lets users override the trusted
properties.
I guess It's because the JSON parsing takes place after the trusted
properties parsing.
Here is my configuration :
$M
That's great. Thanks. :-)
Philippe Muller
On Fri, Mar 15, 2013 at 8:59 AM, Rainer Gerhards
wrote:
> > > > Reading project Lumberjack documentation[1], I spotted the
> > > > "SystemLogParseTrusted" parameter.
> > > >
> > >
;subtree" subtree="$!")
action(type="omfile" file="/tmp/test" template="test")
Result:
# logger foo
# cat /tmp/test
{ "pid": 14323, "uid": 0, "gid": 0, "exe": "\/usr\/bin\/logger", "cmd":
&qu
yone know how to make trusted properties available as rainerscript
variables ?
Thanks !
Philippe Muller
References:
1: https://fedorahosted.org/lumberjack/wiki/rsyslog
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://
I guess you meant :
if $fromhost-ip == "2.2.2.2" then @192.168.0.1
Philippe Muller
On Fri, Mar 8, 2013 at 2:10 PM, Radu Gheorghe wrote:
> Hi Clayton,
>
> Have a look here:
> http://www.rsyslog.com/doc/rsyslog_conf_filter.html
>
> You can do something like:
>
order to prevent the complete
locking ?
Thanks for your help :-)
Philippe
Philippe Muller
On Mon, Dec 17, 2012 at 11:02 PM, David Lang wrote:
> On Mon, 17 Dec 2012, John Miller wrote:
>
> Hello everyone,
>>
>> I'm running into a strange problem with some new RHEL
Proper stack trace handling is very interesting !
"Note that the code has never been used in practice by us, so there may be
some risk associated"
Did someone use it in production since it was released ?
Philippe Muller
On Thu, Nov 1, 2012 at 6:48 PM, wrote:
> On Thu, 1 Nov
I guess he meant "rsyslog only have parsers for standard syslog message
formats" :-)
Philippe Muller
On Thu, Nov 1, 2012 at 9:19 AM, Flavio Oliveira wrote:
>
> Hi,
>
> I used a text file with fields separed for tabs and sent the lines to
> rsyslog via UDP.
>
&g
Since InputFileTag and $programname doesn't match, are you sure your
messages are forwarded by this action ?
(You can use impstats to see which action counter is incremented)
Philippe Muller
On Wed, Oct 31, 2012 at 11:30 AM, C. L. Martinez wrote:
> Hi all,
>
> I am trying to confi
Hello,
RemoteHostAuto is your file path template. You have to define a message
template which include %fromhost-ip%, for example :
$template LineTemplate,"%timereported% %fromhost-ip%
%syslogtag%%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\n"
Then use it in your action :
*.* ?RemoteHostAuto;LineTe
er
> > -Original Message-
> > From: rsyslog-boun...@lists.adiscon.com [mailto:rsyslog-
> > boun...@lists.adiscon.com] On Behalf Of Philippe Muller
> > Sent: Tuesday, October 23, 2012 5:05 PM
> > To: rsyslog-users
> > Cc: rsyslog-boun...@lists.adi
Hi,
Since people seem interested in omzmq3, here is how it worked for me:
- Built zeromq 3.2.1-rc2
- Built czmq 1.2.0, linking it with zeromq 3.2.1-rc2
- Built rsyslog 7.1.12, using the "--enable-omzmq3" configure option
- Configured rsyslog to publish all messages on a zmq bind socket : *.*
actio
Brian,
What zeromq RC are you using ?
Thanks,
Philippe
On Wed, Oct 17, 2012 at 2:51 PM, Brian Knox wrote:
> Is it possible for you to send the config you are using to us? If you
> don't want to post the config on the list, bri...@talksum.com will
> work.
>
> czmq 1.3.0
> libzmq-3.2.1
>
> B
Hi Alexandr,
Try:
# Write all messages from IKOBZARXP to mysql
if $hostname == "IKOBZARXP" then :ommysql:localhost,Syslog,syslog,passwoed
# send all error messages from IKOBZARXP by e-mail
if ($hostname == "IKOBZARXP" and $syslogseverity == 3) then
:ommail:;mailBody
By the way, $syslogseverity
51 matches
Mail list logo
