[rsyslog-notify] Forum Thread: Re: Log Information - (Mode 'reply')

noreply at adiscon.com noreply at adiscon.com
Fri May 20 14:15:39 CEST 2016


User: IvanAK 
Forumlink: http://kb.monitorware.com/viewtopic.php?p=26534#p26534

Message: 
----------
Syslog-NG is configured to send with RFC5424. I think the problem lies in
the DB. When I try to list what is in the "message" table in the "syslog" DB, I
have the following results:

[code:2qjf8yan]db.messages.find()
{ "_id" : ObjectId("57344b044475ad124c713230"), "TAGS" : ".source.s_sys", "SOURCEIP" : "127.0.0.1", "SOURCE" : "s_sys", "SEQNUM" : "1", "PROGRAM" : "syslog-ng", "PRIORITY" : "notice", "PID" : "11377", "MESSAGE" : "syslog-ng starting up; version='3.7.3'", "HOST_FROM" : "syslogserver", "HOST" : "syslogserver", "FACILITY" : "syslog", "DATE" : "May 12 05:21:08" }
{ "_id" : ObjectId("57344b044475ad124c71323f"), "_TRANSPORT" : "kernel", "_SOURCE_MONOTONIC_TIMESTAMP" : "0", "_MACHINE_ID" : "3a1b1702e8554af1b88f90b404089329", "_BOOT_ID" : "a99860976f4b493db69999b0b65079a8", "TAGS" : ".source.(null)", "SOURCEIP" : "127.0.0.1", "SEQNUM" : "16", "PROGRAM" : "kernel", "PRIORITY" : "notice", "MESSAGE" : "Linux version 3.10.0-327.13.1.el7.x86_64 (builder at kbuilder.dev.centos.org) (gcc version 4.8.3 20140911 (Red Hat 4.8.3-9) (GCC) ) #1 SMP Thu Mar 31 16:04:38 UTC 2016", "HOST_FROM" : "syslogserver", "HOST" : "localhost.localdomain", "FACILITY" : "kern", "DATE" : "May 12 04:35:43" }
source.(null)", "SOURCEIP" : "127.0.0.1", "SEQNUM" : "20", "PROGRAM" : "kernel", "PRIORITY" : "info", "MESSAGE" : "Command line: BOOT_IMAGE=/vmlinuz-3.10.0-327.13.1.el7.x86_64 root=/dev/mapper/centos-root ro crashkernel=auto rd.lvm.lv=centos/root rd.lvm.lv=centos/swap rhgb quiet LANG=en_US.UTF-8", "HOST_FROM" : "syslogserver", "HOST" : "localhost.localdomain", "FACILITY" : "kern", "DATE" : "May 12 04:35:43" }
Type "it" for more
[/code:2qjf8yan]

I talked to the syslog-ng guys and they told me that by putting
"flags(syslog-protocol)" in the source field, I activate the RFC mode. So
I did, but still nothing. Any other solutions? What else can I try?
I am currently trying to put columns in the table so I can see if they are missing or
if I should add them as I did with MySQL etc.

