[rsyslog-notify] Forum Thread: Re: filter invalid syslogtag - (Mode 'reply')

noreply at adiscon.com noreply at adiscon.com
Fri Jul 8 08:46:05 CEST 2016


User: awinberg 
Forumlink: http://kb.monitorware.com/viewtopic.php?p=26736#p26736

Message: 
----------
My first debug output is from lxserv350, is it something else I should get?

config from lxserv350:
[code:2ei3za27]$ModLoad imuxsock.so
# Where to place auxiliary files
$WorkDirectory /var/lib/rsyslog

# Turn off rate limiting
$SystemLogRateLimitInterval 0

# "Last line repeated n times" feature
$RepeatedMsgReduction on

# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

#Increase log message size (for java logs primarily)
$MaxMessageSize 32768

#
# APPLICATIONS
$template oversizeTag,"<%PRI%>%TIMESTAMP:::date-rfc3339% %HOSTNAME% %syslogtag%%msg:::sp-if-no-1st-sp%%msg%"
$template AppLogFmt,"%timegenerated:::date-rfc3339% %HOSTNAME% %syslogpriority-text:::uppercase% %msg%\n"
$template AppLogFile,"/local_disk/log/APPLICATIONS/%syslogtag:R,ERE,1,ZERO:.+[a-zA-Z]\[([A-Za-z0-9.-]+)\]*\_*--end%/%$YEAR%/%$MONTH%/%$DAY%/%$HOUR%/%syslogtag:R,ERE,1,ZERO:.+[a-zA-Z]\[([A-Za-z0-9._-]+)\]--end%.log"
#
if $syslogfacility-text == 'local3' then -?AppLogFile;AppLogFmt
# ### begin forwarding rule 1 ###
$ActionQueueSize 1000000
$ActionQueueMaxDiskSpace 1g   # 1gb space limit (use as much as possible)
$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
$ActionQueueType LinkedList   # run asynchronously
$ActionResumeRetryCount -1    # infinite retries if host is down
&   @@loghost1;oversizeTag
&   ~
[/code:2ei3za27]


The faulty message from lxserv350 is sent to local3 facility by an
application, so that's the filter and actions I included above.

