[rsyslog-notify] Forum Thread: Re: omfile with DynFile & %syslogfacility-text% - (Mode 'reply')
noreply at adiscon.com
noreply at adiscon.com
Fri Feb 20 21:15:57 CET 2015
User: dlang
Forumlink: http://kb.monitorware.com/viewtopic.php?p=25270#p25270
Message:
----------
the problem is that you are not properly setting the facility and severity
when they are sending the log
you are using the template string string="%timegenerated% %hostname%
%syslogfacility-text%.%syslogseverity-text%:
%syslogtag:1:32%%msg:::sp-if-no-1st-sp%%msg%\n"
but you aren't sending the pri value that should be before the timestamp
field. "<%pri%>%timegenerated%....."
When you have things like this that aren't what you expect, log the
messages with the template RSYSLOG_DebugFormat and it will show you exactly
what is being received and how it is parsed apart.
The format that you are using will confuse rsyslog because you are putting
the syslog facility and severity in the location that the syslog tag is
supposed to go. Why are you overriding the standard formatting template?
More information about the rsyslog-notify
mailing list