[rsyslog-notify] Forum Thread: Re: Unix socket with rfc5424 messages - (Mode 'reply')
noreply at adiscon.com
noreply at adiscon.com
Thu Apr 17 15:30:33 CEST 2014
User: ldo2000
Forumlink: http://kb.monitorware.com/viewtopic.php?p=24554#p24554
Message:
----------
Thanks for the reply. It's a pretty simple config. It's been stripped down
for testing:
#########################
$ModLoad imuxsock # provides support for local system logging
$ModLoad imklog # provides kernel logging support (previously done by
rklogd)
$ModLoad imudp
$UDPServerRun 514
$template template5424, "<%PRI%>%PROTOCOL-VERSION%
%TIMESTAMP:::date-rfc3339% %HOSTNAME% %APP-NAME% %PROCID% %MSGID%
%STRUCTURED-DATA% %msg%ZZZZZ %rawmsg%\n"
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$FileOwner syslog
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022
$PrivDropToUser syslog
$PrivDropToGroup syslog
$WorkDirectory /var/spool/rsyslog
*.* /var/log/debuglog;RSYSLOG_DebugFormat
########################
Also, I'm not actually needing the structured data part. I need APP-NAME,
PROC-ID, MSGID to be correct. Notice in my example that with UDP these
fields are parsed correctly from the RFC-5424 message. But with Unix
sockets the values are all screwed up (e.g. the APP-NAME is 1 instead of
AppName1 as was sent in the message).
Lindsey
More information about the rsyslog-notify
mailing list