[rsyslog-notify] Forum Thread: Use of $InputFileTag for sorting. - (Mode 'post')
noreply at adiscon.com
noreply at adiscon.com
Fri Oct 24 23:32:45 CEST 2014
User: icog
Forumlink: http://kb.monitorware.com/viewtopic.php?p=25043#p25043
Message:
----------
Hi,
I've been pouring over the documentation I can find for rsyslog5 and came
up with the following configuration. We monitor potentially dozens of logs
per hosts and prior it seemed that Severity level was the primary filtering
method. I tried to do something like this:
Client side:
$InputFileName /var/log/tomcat/localhost_access_log
$InputFileStateFile tomcat_localhost_access_state
$InputFileSeverity info
$InputFileFacility local6
$InputFileTag localhost_access_log:
$InputRunFileMonitor
On the server side I tried to do something like this:
$template tomcat-access, "/central/$HOSTNAME%/tomcat/tomcat_access_log"
if ($source != 'localhost' and $source != 'rsyslog01')\
and $syslogfacility-text == 'local6'\
and $syslogseverity-text == 'info'\
and $inputfiletag == 'localhost_access_log'\
then ?tomcat-access
I can't find any documentation saying that I can use $inputfiletag like
this, but that is the goal. I could totally drop severity as its not really
needed. I'm not trying to do any filtering of the logs, just want what
exists on one side to be on the other as some logs do not follow an
expected pattern or may change. I'm also open to other suggestions of how
to manage potentially dozens of files and any other recommended reading.
Thanks,
Irene
More information about the rsyslog-notify
mailing list