[rsyslog] omrelp and filtering

Stuart Longland stuartl at vrt.com.au
Wed May 3 12:28:48 CEST 2017


Hi all,

This is a bit of a dumb question… but I have hunted high and low, and
haven't found an answer.  We at the moment use RELP/TLS to transfer logs
around, and this works well, but we have a need to filter what gets
passed upstream.

We use the new filter syntax:
> module(load="omrelp")
> action(
>     type="omrelp"
>     target="10.20.30.1"
>     port="32514" tls="on"
>     tls.authMode="fingerprint"
>     tls.caCert="/etc/rsyslog/ca.pem"
>     tls.myCert="/etc/rsyslog/client.pem"
>     tls.myPrivKey="/etc/rsyslog/client.key"
>     tls.permittedpeer=[
>         "SHA1:01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67"
> ])
> 
> # Use fully qualified name in forwarded logs
> $PreserveFQDN on

Now, the filter examples use a totally different syntax which I
understand comes from traditional syslog:

> *.*  :omrelp:<server>:<port>;<template>
(from the omrelp page)

I'm guessing the modern equivalent is not:

*.* action(…)

or I'd see examples along those lines.  How does one apply one of the
filter conditions to an action like the one above?

Regards,
-- 
##   -,-''''-. ###### Stuart Longland, Programmer/Network Admin
##.  :  ##   :   ##   38b Douglas Street
 ## #  ## -'`   .#'   Milton, QLD, 4064
 '#'  *'   '-.  *'    http://www.vrt.com.au
     S Y S T E M S    T: +61 7 3535 9619   F: +61 7 3535 9699



More information about the rsyslog mailing list