Otdfbt

Why didn't Boeing produce its own regional jet?

Forgetting the musical notes while performing in concert

Is it inappropriate for a student to attend their mentor's dissertation defense?

What is a Samsaran Word™?

Car headlights in a world without electricity

how do we prove that a sum of two periods is still a period?

Is it a bad idea to plug the other end of ESD strap to wall ground?

Is it possible to map the firing of neurons in the human brain so as to stimulate artificial memories in someone else?

How can I deal with my CEO asking me to hire someone with a higher salary than me, a co-founder?

Placement of More Information/Help Icon button for Radio Buttons

How could indestructible materials be used in power generation?

In the UK, is it possible to get a referendum by a court decision?

Using "tail" to follow a file without displaying the most recent lines

Is this answer explanation correct?

Am I breaking OOP practice with this architecture?

Are British MPs missing the point, with these 'Indicative Votes'?

Could the museum Saturn V's be refitted for one more flight?

Is there an expression that means doing something right before you will need it rather than doing it in case you might need it?

How to remove border from elements in the last row?

How to Prove P(a) → ∀x(P(x) ∨ ¬(x = a)) using Natural Deduction

Why was the shrink from 8″ made only to 5.25″ and not smaller (4″ or less)

files created then deleted at every second in tmp directory

Is it "common practice in Fourier transform spectroscopy to multiply the measured interferogram by an apodizing function"? If so, why?

Can someone clarify Hamming's notion of important problems in relation to modern academia?

rsyslog: Forward different message types to same server with different templates

what's causing rsyslog to log $msg**INVALID PROPERTY NAME** instead of the message contents from sonicwall devices?How to forward specific log file outside of /var/log with rsyslog to remote server?Writing templates for rsyslogrsyslog - Different logs for different IP addresses?Templates in Rsyslog 8.17Rsyslog hangs after memory usage 456 MBrsyslog truncate message also with $MaxMessageSizersyslog: using message properties in a templateRsyslog - forward via HTTP postFilter rsyslog message by user

0

I have the following rsyslog config:

template(name="logz.io" type="string" string="[TOKEN] 
 <%pri%>%protocol-version% %timestamp:::date-rfc3339% [hostname] 
 %app-name% %procid% %msgid% tag="syslog"] %msg%n")

# Send messages over TCP using the template.
action(type="omfwd" protocol="tcp" target="listener.logz.io" port="5001"
 template="logz.io" StreamDriver="gtls" StreamDriverMode="1"
 StreamDriverAuthMode="x509/name" StreamDriverPermittedPeers="*.logz.io")

Now I would like to have the type="string" set according to one of the message type. So I could create individual templates for each type like

template(name="logz.io_nginx" type="nginx" string="[TOKEN] 
 <%pri%>%protocol-version% %timestamp:::date-rfc3339% [hostname] 
 %app-name% %procid% %msgid% tag="nginx"] %msg%n")

However this means that the action should call the correct template based on the type.

1. How would I configure rsyslog to use the same action with different template?


2. Could I just have one template but for example the type parameter dynamically set dependent on the message type?

rsyslog

share|improve this question

asked Feb 10 at 10:36

papanitopapanito

208

add a comment | 

0

I have the following rsyslog config:

template(name="logz.io" type="string" string="[TOKEN] 
 <%pri%>%protocol-version% %timestamp:::date-rfc3339% [hostname] 
 %app-name% %procid% %msgid% tag="syslog"] %msg%n")

# Send messages over TCP using the template.
action(type="omfwd" protocol="tcp" target="listener.logz.io" port="5001"
 template="logz.io" StreamDriver="gtls" StreamDriverMode="1"
 StreamDriverAuthMode="x509/name" StreamDriverPermittedPeers="*.logz.io")

Now I would like to have the type="string" set according to one of the message type. So I could create individual templates for each type like

template(name="logz.io_nginx" type="nginx" string="[TOKEN] 
 <%pri%>%protocol-version% %timestamp:::date-rfc3339% [hostname] 
 %app-name% %procid% %msgid% tag="nginx"] %msg%n")

However this means that the action should call the correct template based on the type.

1. How would I configure rsyslog to use the same action with different template?


2. Could I just have one template but for example the type parameter dynamically set dependent on the message type?

rsyslog

share|improve this question

asked Feb 10 at 10:36

papanitopapanito

208

add a comment | 

I have the following rsyslog config:

template(name="logz.io" type="string" string="[TOKEN] 
 <%pri%>%protocol-version% %timestamp:::date-rfc3339% [hostname] 
 %app-name% %procid% %msgid% tag="syslog"] %msg%n")

# Send messages over TCP using the template.
action(type="omfwd" protocol="tcp" target="listener.logz.io" port="5001"
 template="logz.io" StreamDriver="gtls" StreamDriverMode="1"
 StreamDriverAuthMode="x509/name" StreamDriverPermittedPeers="*.logz.io")

Now I would like to have the type="string" set according to one of the message type. So I could create individual templates for each type like

template(name="logz.io_nginx" type="nginx" string="[TOKEN] 
 <%pri%>%protocol-version% %timestamp:::date-rfc3339% [hostname] 
 %app-name% %procid% %msgid% tag="nginx"] %msg%n")

However this means that the action should call the correct template based on the type.

1. How would I configure rsyslog to use the same action with different template?


2. Could I just have one template but for example the type parameter dynamically set dependent on the message type?

rsyslog

share|improve this question

asked Feb 10 at 10:36

papanitopapanito

208

template(name="logz.io" type="string" string="[TOKEN] 
 <%pri%>%protocol-version% %timestamp:::date-rfc3339% [hostname] 
 %app-name% %procid% %msgid% tag="syslog"] %msg%n")

# Send messages over TCP using the template.
action(type="omfwd" protocol="tcp" target="listener.logz.io" port="5001"
 template="logz.io" StreamDriver="gtls" StreamDriverMode="1"
 StreamDriverAuthMode="x509/name" StreamDriverPermittedPeers="*.logz.io")

template(name="logz.io_nginx" type="nginx" string="[TOKEN] 
 <%pri%>%protocol-version% %timestamp:::date-rfc3339% [hostname] 
 %app-name% %procid% %msgid% tag="nginx"] %msg%n")

share|improve this question

asked Feb 10 at 10:36

papanitopapanito

208

share|improve this question

asked Feb 10 at 10:36

papanitopapanito

208

asked Feb 10 at 10:36

papanitopapanito

208

asked Feb 10 at 10:36

papanitopapanito

208

1 Answer
1

active

oldest

votes

0

How is rsyslog supposed to know the message type, which is a logz concept and not an rsyslogd concept?
You will probably have to distinguish the action based on syslogtag/programname, using an if statement, and chose the appropriate template within the if-then-block.

share|improve this answer

answered yesterday

Alexander StumpfAlexander Stumpf

13

add a comment | 

Your Answer

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "2"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f953204%2frsyslog-forward-different-message-types-to-same-server-with-different-templates%23new-answer', 'question_page');

);

Post as a guest

Name

Email

Required, but never shown

0

How is rsyslog supposed to know the message type, which is a logz concept and not an rsyslogd concept?
You will probably have to distinguish the action based on syslogtag/programname, using an if statement, and chose the appropriate template within the if-then-block.

share|improve this answer

answered yesterday

Alexander StumpfAlexander Stumpf

13

add a comment | 

0

How is rsyslog supposed to know the message type, which is a logz concept and not an rsyslogd concept?
You will probably have to distinguish the action based on syslogtag/programname, using an if statement, and chose the appropriate template within the if-then-block.

share|improve this answer

answered yesterday

Alexander StumpfAlexander Stumpf

13

add a comment | 

How is rsyslog supposed to know the message type, which is a logz concept and not an rsyslogd concept?
You will probably have to distinguish the action based on syslogtag/programname, using an if statement, and chose the appropriate template within the if-then-block.

share|improve this answer

answered yesterday

Alexander StumpfAlexander Stumpf

13

share|improve this answer

answered yesterday

Alexander StumpfAlexander Stumpf

13

answered yesterday

Alexander StumpfAlexander Stumpf

13

answered yesterday

Alexander StumpfAlexander Stumpf

13