I have rsyslog (8.2310.0) in docker container from latest alpine image as a
syslog collector with forwarding to logstash.local and rabbitmq.local
Rsyslog stops working when rabbitmq is unavailable and work fine when
rabbitmq server is up
How to configure rsyslog to work when the destination is unavailable ?
module(load="omrabbitmq")
module(load="imptcp" threads="3")
input(type="imptcp" port="514" ruleset="syslogCollector")
template(
name="json_syslog"
type="list"
option.json="on"
) {
constant(value="{")
constant(value="\"@timestamp\":\"")
property(name="timereported" dateFormat="rfc3339")
constant(value="\",\"type\":\"syslog_json")
constant(value="\",\"tag\":\"")
property(name="syslogtag" format="json")
constant(value="\",\"relayhost\":\"") property(name="fromhost")
constant(value="\",\"relayip\":\"") property(name="fromhost-ip")
constant(value="\",\"logsource\":\"") property(name="source")
constant(value="\",\"hostname\":\"") property(name="hostname"
caseconversion="lower")
constant(value="\",\"program\":\"") property(name="programname")
constant(value="\",\"source\":\"") property(name="app-name"
caseConversion="lower" onEmpty="null")
constant(value="\",\"priority\":\"") property(name="pri")
constant(value="\",\"severity\":\"")
property(name="syslogseverity" caseConversion="upper")
constant(value="\",\"facility\":\"") property(name="syslogfacility")
constant(value="\",\"severity_label\":\"")
property(name="syslogseverity-text")
constant(value="\",\"facility_label\":\"")
property(name="syslogfacility-text")
constant(value="\",\"message\":\"") property(name="msg" format="json")
constant(value="\",\"end_msg\":\"")
constant(value="\"}\n")
}
ruleset(
name="syslogCollector"
) {
@@elk.local:5000;json_syslog
call send2mqtt
}
ruleset (
name="send2mqtt"
queue.type="LinkedList"
queue.size="1024"
queue.dequeueBatchSize="512"
queue.filename="q_mqtt"
queue.saveonshutdown="off"
queue.highwatermark="450"
queue.lowwatermark="50"
) {
action(
type="omrabbitmq"
host="rabbitmq.local"
verify_peer="off"
verify_hostname="off"
virtual_host="/"
user="xxx"
password="xxx"
exchange="syslog"
routing_key="messages"
body_template="json_syslog"
action.resumeRetryCount="0"
action.reportSuspension="on"
action.reportSuspensionContinuation="on"
action.resumeInterval="10"
)
}
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
syslog collector with forwarding to logstash.local and rabbitmq.local
Rsyslog stops working when rabbitmq is unavailable and work fine when
rabbitmq server is up
How to configure rsyslog to work when the destination is unavailable ?
module(load="omrabbitmq")
module(load="imptcp" threads="3")
input(type="imptcp" port="514" ruleset="syslogCollector")
template(
name="json_syslog"
type="list"
option.json="on"
) {
constant(value="{")
constant(value="\"@timestamp\":\"")
property(name="timereported" dateFormat="rfc3339")
constant(value="\",\"type\":\"syslog_json")
constant(value="\",\"tag\":\"")
property(name="syslogtag" format="json")
constant(value="\",\"relayhost\":\"") property(name="fromhost")
constant(value="\",\"relayip\":\"") property(name="fromhost-ip")
constant(value="\",\"logsource\":\"") property(name="source")
constant(value="\",\"hostname\":\"") property(name="hostname"
caseconversion="lower")
constant(value="\",\"program\":\"") property(name="programname")
constant(value="\",\"source\":\"") property(name="app-name"
caseConversion="lower" onEmpty="null")
constant(value="\",\"priority\":\"") property(name="pri")
constant(value="\",\"severity\":\"")
property(name="syslogseverity" caseConversion="upper")
constant(value="\",\"facility\":\"") property(name="syslogfacility")
constant(value="\",\"severity_label\":\"")
property(name="syslogseverity-text")
constant(value="\",\"facility_label\":\"")
property(name="syslogfacility-text")
constant(value="\",\"message\":\"") property(name="msg" format="json")
constant(value="\",\"end_msg\":\"")
constant(value="\"}\n")
}
ruleset(
name="syslogCollector"
) {
@@elk.local:5000;json_syslog
call send2mqtt
}
ruleset (
name="send2mqtt"
queue.type="LinkedList"
queue.size="1024"
queue.dequeueBatchSize="512"
queue.filename="q_mqtt"
queue.saveonshutdown="off"
queue.highwatermark="450"
queue.lowwatermark="50"
) {
action(
type="omrabbitmq"
host="rabbitmq.local"
verify_peer="off"
verify_hostname="off"
virtual_host="/"
user="xxx"
password="xxx"
exchange="syslog"
routing_key="messages"
body_template="json_syslog"
action.resumeRetryCount="0"
action.reportSuspension="on"
action.reportSuspensionContinuation="on"
action.resumeInterval="10"
)
}
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.