[rsyslog-notify] Forum Thread: Re: Help with SRX3600 SD-Sylog Stream to Rsyslog - (Mode 'reply')
noreply at adiscon.com
Thu Apr 3 02:08:39 CEST 2014
User: dlang
Forumlink: http://kb.monitorware.com/viewtopic.php?p=24470#p24470
Message:
----------
That is a RFC5424 structured log format, with all the interesting
information in the structure. Almost nothing actually uses that ;-)
Take a look at http://www.rsyslog.com/doc/mmpstrucdata.html; it tells you
what to add to parse out the structured data.
That puts everything in the $! variables, but you will have to change the
template that you use to output the data to include this data. The easiest
way to do this is to include %$!% in a template.
Look this over and then ask again after you've played with it a little bit.
By the way, you didn't say what version of rsyslog you are running, I think
this needs v7.6+
David Lang
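
An added example, not part of the original post: a minimal rsyslog configuration that follows the advice above by loading mmpstrucdata, running it on each message, and writing the resulting $! tree through a template. The UDP listener, port 514, the template name and the output file path are assumptions chosen for illustration.

```conf
# Added example; listener, port, template name and file path are assumptions.

# Receive the device's syslog stream (assumed: UDP on port 514).
module(load="imudp")
input(type="imudp" port="514")

# Load the RFC5424 structured-data parser module.
module(load="mmpstrucdata")

# Template that appends the whole $! variable tree (rendered as JSON)
# to the usual header fields, so the parsed SD elements reach the output.
template(name="withStructuredData" type="string"
         string="%timestamp:::date-rfc3339% %hostname% %syslogtag%%msg% %$!%\n")

# Parse the structured data first; the result lands under $!rfc5424-sd.
action(type="mmpstrucdata")

# Then write the message using the template that includes %$!%.
action(type="omfile" file="/var/log/srx-structured.log"
       template="withStructuredData")
```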