Hello rsyslog users,
We are currently running a small rsyslog setup (i.e. TCP-based remote
logging) in our test environment.
This setup is also used to transfer Apache access logs, using the pipe
operator in the Apache config and a Bash shell script which calls the
"logger" tool to log a message to local rsyslog in a loop like
# read first line
#...
while [ $result -eq 0 ]; do
# log $line to $filename
logger -p local0.info -t "APACHE" "$filename?$line"
read line
result=$?
done
The problem with this approach is twofold. First, we are experiencing
performance issues under increased load (all Apache workers in status "L"
on the Apache server status page when stress testing).
Secondly, in order to resolve the first issue, we thought about moving to
the file based input module which would make (we hope) Apache performance
less depending on the logging infrastructure - as it would just log to the
native filesystem as usual. However, as can be seen above, we're currently
transforming the log messages to include the destination filename.
On the remote rsyslog server (the receiving end), the messages are logged
into a file whose name is dynamically derived from the first part of the
log (the part before the first question mark).
So my question is: can rsyslog be configured to
1. Read new lines from Apache access log as they become available
2. prepend an arbitrary string to the message (the destination filename)
3. log this transformed message instead of the original
Or is there a more "best-practices" approach to do what I want (which is :
filter messages on the remote end based on the tag and write them to a
dynamically generated filename using regexps)
Thanks,
Pieter
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com
We are currently running a small rsyslog setup (i.e. TCP-based remote
logging) in our test environment.
This setup is also used to transfer Apache access logs, using the pipe
operator in the Apache config and a Bash shell script which calls the
"logger" tool to log a message to local rsyslog in a loop like
# read first line
#...
while [ $result -eq 0 ]; do
# log $line to $filename
logger -p local0.info -t "APACHE" "$filename?$line"
read line
result=$?
done
The problem with this approach is twofold. First, we are experiencing
performance issues under increased load (all Apache workers in status "L"
on the Apache server status page when stress testing).
Secondly, in order to resolve the first issue, we thought about moving to
the file based input module which would make (we hope) Apache performance
less depending on the logging infrastructure - as it would just log to the
native filesystem as usual. However, as can be seen above, we're currently
transforming the log messages to include the destination filename.
On the remote rsyslog server (the receiving end), the messages are logged
into a file whose name is dynamically derived from the first part of the
log (the part before the first question mark).
So my question is: can rsyslog be configured to
1. Read new lines from Apache access log as they become available
2. prepend an arbitrary string to the message (the destination filename)
3. log this transformed message instead of the original
Or is there a more "best-practices" approach to do what I want (which is :
filter messages on the remote end based on the tag and write them to a
dynamically generated filename using regexps)
Thanks,
Pieter
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com