Format of rsyslog.conf
Hi Guys,

Likely this has been asked before and I've tried to google it and find the
answers but alas, it's been difficult.

I'm trying to implement a script-based process for logging to a database in
a particular format. Something like this:


#---------------------------------------------------------
# send remote logs to observium

# provides UDP syslog reception
#module(load="imudp")

input(type="imudp"
      port="60514"
      ruleset="observium")

## provides TCP syslog reception (uncomment if required)
#module(load="imptcp")
#
#input(type="imptcp"
#      port="50514"
#      ruleset="observium")

module(load="omprog")

# observium syslog template
template(name="observium"
         type="string"
         string="%fromhost-ip%||%syslogfacility%||%syslogpriority%||%syslogseverity%||%syslogtag%||%$year%-%$month%-%$day% %timereported:8:25%||%msg:::space-cc%||%programname%\n")

# observium RuleSets
ruleset(name="observium") {
    :msg, contains, "send response: Too long" stop
    :msg, contains, "-- HOST-RESOURCES-MIB" stop
    :msg, startswith, "-- UCD-SNMP-MIB::" stop
    :msg, contains, "truncating integer value " stop
    if ($programname contains_i "SNMPD") and ($msg startswith "-- ") and ($msg contains "::") then {
        stop
    }

    action(type="omprog"
           binary="/opt/observium/syslog.php"
           template="observium")
    stop
}

#---------------------------------------------------------


My problem is, this format is not working to block the messages from snmpd
that I'm trying to filter out.

I've tried taking that same block and putting it outside of the ruleset,
same results. Also my if condition... I have no idea if this is the right
format, it's me trying what I've seen on Stack Overflow and trying to make
it work. That's like my 8th version of the if.

So if anyone knows of documentation or can point me in the right direction,
I would appreciate it.



Thank you,


*Greg Borbonus*
General Manager

P +1 832 576 5956
W https://skilledpragati.com
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog