We have purchased a cloud-based application with multi-tenant support that we have deployed for ourselves and a number of our customers. This particular cloud-based application has a custom token assigned and defined for each and every customer that we have, including ourselves, for ease of identification.
This cloud-based application that we're using at the moment has a section in its settings to configure the SYSLOG connectivity details of the preferred syslog application / service such as rsyslog or syslog-ng, with the IP / hostname of the syslog server, tcp / udp port, syslog severity, syslog facility, etc., and it is in that very section, or should I say location, where the option for the custom token is also defined. We were also able to confirm with the vendor that the option to output the custom token through SYSLOG is readily available.
However, when rsyslog was deployed on an Ubuntu Server VM and connected to this particular cloud-based application, it started sending all the SYSLOG data without an issue except for the custom token, and now we have a hard time distinguishing which syslog message belongs to which customer.
We don't want to manually add the custom token details in a template or a JSON script in the rsyslog.conf file, as it will become quite cumbersome to manage with the increasing number of customers in the future.
What we simply want is for all the original SYSLOG messages generated by the rsyslog server to display the custom token automatically without any manual configuration of the custom token in the rsyslog.conf configuration file.
Any suggestion on how to achieve this is greatly appreciated.
Below is the rsyslog.conf file used in our rsyslog Ubuntu Server VM deployment:
# /etc/rsyslog.conf Configuration file for rsyslog.
#
# For more information see
# /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html
#
# Default logging rules can be found in /etc/rsyslog.d/50-default.conf
#################
#### MODULES ####
#################
module(load="imuxsock") # provides support for local system logging
#module(load="immark") # provides --MARK-- message capability
# provides UDP syslog reception
#module(load="imudp")
#input(type="imudp" port="514")
# provides TCP syslog reception
module(load="imtcp")
input(type="imtcp" port="6514")
# Template 1
$template RemoteSource, "/var/log/%FROMHOST-IP%.log"
*.* ?RemoteSource
# provides kernel logging support and enable non-kernel klog messages
module(load="imklog" permitnonkernelfacility="on")
###########################
#### GLOBAL DIRECTIVES ####
###########################
#
# Use traditional timestamp format.
# To enable high precision timestamps, comment out the following line.
#
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
# Filter duplicated messages
$RepeatedMsgReduction on
#
# Set the default permissions for all log files.
#
$FileOwner syslog
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022
$PrivDropToUser syslog
$PrivDropToGroup syslog
#
# Where to place spool and state files
#
$WorkDirectory /var/spool/rsyslog
#
# Include all config files in /etc/rsyslog.d/
#
$IncludeConfig /etc/rsyslog.d/*.conf
Rgds,
Amila
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
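One way to check whether the token reaches the rsyslog server at all, as an added example that is not part of the original post: the fragment below logs the structured-data and raw-message properties of everything received on the imtcp input, fields that the RSYSLOG_TraditionalFileFormat template in the posted config does not write. The drop-in file name, template name and output path are assumptions.

```conf
# Added diagnostic fragment, not part of the posted rsyslog.conf.
# Hypothetical drop-in: /etc/rsyslog.d/10-wire-debug.conf
# (picked up by the existing "$IncludeConfig /etc/rsyslog.d/*.conf" line).
# Validate the syntax with "rsyslogd -N1" before restarting the service.

# One line per received message, exposing fields that the traditional
# file format (timestamp, hostname, tag, msg) leaves out.
# The template name "WireDebug" is an assumption.
template(name="WireDebug" type="string"
         string="%timegenerated:::date-rfc3339% from=%fromhost-ip% host=%hostname% app=%app-name% msgid=%msgid% sd=%structured-data% raw=%rawmsg%\n")

# Only messages that arrived on the imtcp listener (port 6514 in the
# posted config); local imuxsock and imklog traffic is left alone.
# The output path below is an assumption.
if $inputname == "imtcp" then {
    action(type="omfile"
           file="/var/log/wire-debug.log"
           template="WireDebug")
}
```

If the token appears after `sd=` or `raw=`, it is arriving and only the output template is dropping it. If it is absent from `raw=`, the sender is not transmitting it, and `%fromhost-ip%` alone should not be treated as a tenant identifier.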