[rsyslog-notify] Forum Thread: Re: filter invalid syslogtag - (Mode 'reply')
noreply at adiscon.com
Thu Jul 7 15:15:30 CEST 2016
User: awinberg
Forumlink: http://kb.monitorware.com/viewtopic.php?p=26712#p26712
Message:
----------
Thanks for the quick reply!
Here's a debug output for a message with an invalid syslogtag:
Debug line with all properties:
FROMHOST: 'lxserv350', fromhost-ip: '127.0.0.1',
HOSTNAME: 'lxserv350', PRI: 156,
syslogtag '`<87>^A40^?:', programname: '`', APP-NAME: '`',
PROCID: '-', MSGID: '-',
TIMESTAMP: 'Jul 7 13:02:03', STRUCTURED-DATA: '-',
msg: '0^?:
[org.jboss.jca.core.connectionmanager.pool.strategy.PoolBySubject]
IJ000604: Throwable while attempting to get a new connection: null'
escaped msg: '0:
[org.jboss.jca.core.connectionmanager.pool.strategy.PoolBySubject]
IJ000604: Throwable while attempting to get a new connection: null'
inputname: imuxsock rawmsg: '<156>Jul 7 13:02:03
`<87>#00140^?:
[org.jboss.jca.core.connectionmanager.pool.strategy.PoolBySubject]
IJ000604: Throwable while attempting to get a new connection:
null'
The syslogtag in this instance is really messed up. I've got other, more sane
examples, like from VMware, which sends "vmkernel:" as the syslogtag.
Neither of these examples contains a bracket, which is what I'm trying to
filter on. I also tried to filter on the "$procid" field, since this really
is what I'm interested in - but this also results in discarding all my
logs. I should probably mention that this is a loghost server, so the
messages I am trying to filter out are being sent to this server via TCP
(with rsyslog on the client side as well).
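
Added example, not part of the original post and not rsyslog's own parser: a Python sketch that sorts raw lines into the three cases the post distinguishes (a garbled tag, a clean tag without a bracketed PID such as "vmkernel:", and a tag with a PID). The function name, the allowed tag characters and the sample lines are assumptions constructed for illustration.

```python
import re

# Traditional syslog line as seen on a local socket, as in the post's rawmsg:
# <PRI>Mmm [d]d hh:mm:ss TAG message   (no hostname field)
HEADER = re.compile(r"^<(\d{1,3})>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d (.*)$", re.S)

# Assumed policy for a well-formed tag: program name, optional [pid], optional colon.
TAG = re.compile(r"^([A-Za-z0-9_./-]+)(?:\[(\d+)\])?:?$")


def classify_tag(raw):
    """Return (kind, program, procid) for one raw syslog line.

    kind is 'no-header', 'garbled', 'no-pid' or 'pid'.
    """
    m = HEADER.match(raw)
    if not m:
        return ("no-header", None, None)
    tag = m.group(2).split(" ", 1)[0]
    # Control characters or bytes outside printable ASCII mean the tag is unusable.
    if any(ord(c) < 0x20 or ord(c) >= 0x7F for c in tag):
        return ("garbled", None, None)
    t = TAG.match(tag)
    if not t:
        return ("garbled", None, None)
    program, procid = t.group(1), t.group(2)
    return ("pid" if procid else "no-pid", program, procid)


# Constructed sample lines modelled on the cases described in the post.
SAMPLES = [
    "<156>Jul 7 13:02:03 `\x87\x0140\x7f: [org.example.Pool] constructed text",
    "<13>Jul 7 13:02:04 vmkernel: constructed text",
    "<38>Jul 7 13:02:05 sshd[4321]: constructed text",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(classify_tag(line), repr(line[:40]))
```

Running such a check over a capture of the incoming stream shows how many messages fall into each class before a discard rule is written against the tag or the PID.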