[rsyslog-notify] Forum Thread: Re: rsyslog custom log no formatting - (Mode 'edit_last_post')

noreply at adiscon.com noreply at adiscon.com
Tue Jun 14 10:37:07 CEST 2016


User: buran980 
Forumlink: http://kb.monitorware.com/viewtopic.php?p=26596#p26596

Message: 
----------
Thanks for the tips dlang, here is my current setup:

Client A rsyslog.conf:
    # Tail the application log file and tag its lines as KENdo
    module(load="imfile" PollingInterval="3")
    input(type="imfile" File="/opt/kendo/kendo.log"
          Tag="KENdo"
          StateFile="/var/spool/rsyslog/statefile1"
    )
    # Forward everything to serverB over TCP (@@)
    *.* @@serverB

Server B rsyslog.conf:
    $template RemoteLogs,"/var/log/remote-logs/%HOSTNAME%/%$YEAR%-%$MONTH%/%$DAY%-%PROGRAMNAME%.log"
    *.*  ?RemoteLogs
    & stop

Contents from original log on client A:
    Kendo (剣道 kendō ?, lit. "sword way") is a modern Japanese martial art.
    Today, it is widely practiced within Japan and many other nations across the world.
 
Contents from collected log on server B:
    Jun 14 09:34:06  serverA  KENdo Kendo (剣道 kendō ?, lit. "sword way") is a modern Japanese martial art.
    Jun 14 09:34:06  serverA  KENdo Today, it is widely practiced within Japan and many other nations across the world.

Now I would like to achieve two things:
1) The collected log should be identical to the original (I want
"Jun 14 09:34:06  serverA  KENdo" out of the collected log).
2) The collected log on server B should be in a separate dir from other
logs, e.g.
/var/log/KENDO/%HOSTNAME%/%$YEAR%-%$MONTH%/%$DAY%-%PROGRAMNAME%.log
(currently it's collected in
/var/log/remote-logs/%HOSTNAME%/%$YEAR%-%$MONTH%/%$DAY%-%PROGRAMNAME%.log).

I will look into the "RSYSLOG_DebugFormat" syntax and see if I can filter out
the "Jun 14 09:34:06  serverA  KENdo Kendo" part.
The rsyslog version is 7.4.7.

Meanwhile suggestions are welcomed.
Again, thank you for the help.
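
One way to meet both goals on server B, given as an added example that is not part of the original post: a message-only template plus a filter on the program name, placed ahead of the catch-all rule. The template names KendoFile and KendoRaw are hypothetical, and the leading-space handling assumes the received msg property starts with a single space, as the collected lines above suggest.

```rsyslog
# Server B: rsyslog.conf fragment (added example; KendoFile and KendoRaw
# are hypothetical template names).

# Per-host, per-day file under /var/log/KENDO, as requested in point 2.
$template KendoFile,"/var/log/KENDO/%HOSTNAME%/%$YEAR%-%$MONTH%/%$DAY%-%PROGRAMNAME%.log"

# Line format for point 1: only the message text, no timestamp, host or tag.
# %msg:2:$% drops the first character of msg, on the assumption that it is
# the single space the parser leaves between the tag and the text.
$template KendoRaw,"%msg:2:$%\n"

# Existing catch-all path for everything else.
$template RemoteLogs,"/var/log/remote-logs/%HOSTNAME%/%$YEAR%-%$MONTH%/%$DAY%-%PROGRAMNAME%.log"

# Must come before the catch-all rule: messages tagged KENdo are written
# with the raw format and then discarded so they are not logged twice.
if $programname == 'KENdo' then {
    action(type="omfile" dynaFile="KendoFile" template="KendoRaw")
    stop
}

*.* ?RemoteLogs
& stop
```

Control characters such as tabs in the source file are escaped on receipt by default ($EscapeControlCharactersOnReceive), so a byte-identical copy also depends on that setting.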

