Hi
I am trying to store logs as JSON to folders based on logs received time.
The folder should be like /var/logs/logs_folder/2021/12/1/23/59.log
I tried the below config but it's not working. String template working fine but JSON is not working.
template(name="json-template"
type="list") {
constant(value="{")
constant(value="\"@timestamp\":\"") property(name="timereported" dateFormat="rfc3339")
constant(value="\",\"@version\":\"1")
constant(value="\",\"message\":\"") property(name="msg" format="json")
constant(value="\",\"sysloghost\":\"") property(name="hostname")
constant(value="\",\"severity\":\"") property(name="syslogseverity-text")
constant(value="\",\"facility\":\"") property(name="syslogfacility-text")
constant(value="\",\"programname\":\"") property(name="programname")
constant(value="\",\"procid\":\"") property(name="procid")
constant(value="\"}\n")
}
$template json-template,"/var/log/logs_folder/%$year%/%$month%/%$day%/%$hour%.log"
It's creating folders inside /var/log/logs_folder/%$year%/%$month%/%$day%/%$hour%.log but not actual /var/log/logs_folder/2021/12/1/.....log
Thank you
[4b4654de-98b9-4630-83b9-ab7b37cc9b42]
--
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
I am trying to store logs as JSON to folders based on logs received time.
The folder should be like /var/logs/logs_folder/2021/12/1/23/59.log
I tried the below config but it's not working. String template working fine but JSON is not working.
template(name="json-template"
type="list") {
constant(value="{")
constant(value="\"@timestamp\":\"") property(name="timereported" dateFormat="rfc3339")
constant(value="\",\"@version\":\"1")
constant(value="\",\"message\":\"") property(name="msg" format="json")
constant(value="\",\"sysloghost\":\"") property(name="hostname")
constant(value="\",\"severity\":\"") property(name="syslogseverity-text")
constant(value="\",\"facility\":\"") property(name="syslogfacility-text")
constant(value="\",\"programname\":\"") property(name="programname")
constant(value="\",\"procid\":\"") property(name="procid")
constant(value="\"}\n")
}
$template json-template,"/var/log/logs_folder/%$year%/%$month%/%$day%/%$hour%.log"
It's creating folders inside /var/log/logs_folder/%$year%/%$month%/%$day%/%$hour%.log but not actual /var/log/logs_folder/2021/12/1/.....log
Thank you
[4b4654de-98b9-4630-83b9-ab7b37cc9b42]
--
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.