Configuration file for dmesg logs for remote logging


Post by ZillaG » Thu Jun 08, 2017 9:31 pm

I use the ELK stack for remote logging. I want to send the contents of my /var/log/dmesg logs to my ELK stack. Here's a sample of the logs:

Code:
[    0.000000] Xen Platform PCI: I/O protocol version 1
[    0.000000] Netfront and the Xen platform PCI driver have been compiled for this kernel: unplug emulated NICs.
[    0.000000] Blkfront and the Xen platform PCI driver have been compiled for this kernel: unplug emulated disks.
You might have to change the root device
from /dev/hd[a-d] to /dev/xvd[a-d]
in your root= kernel command line option
[    0.000000] HVMOP_pagetable_dying not supported
[    0.000000] e820: update [mem 0x00000000-0x00000fff] usable ==> reserved


How should I form my startmsg.regex parameter in my configuration file to treat the [.......] as the start of the log?

Code:
input(type="imfile"
    File="/var/log/dmesg*"
    Facility="local4"
    Tag="dmesg:"
    Severity="info"
    startmsg.regex="what to put here?"
    escapeLF="off"
)


IOW, the following lines will be one log instead of multiple logs?

Code:
[    0.000000] Blkfront and the Xen platform PCI driver have been compiled for this kernel: unplug emulated disks.
You might have to change the root device
from /dev/hd[a-d] to /dev/xvd[a-d]
in your root= kernel command line option
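One way to check a candidate start-of-message pattern against the sample before placing it in startmsg.regex, as an added example that is not part of the original post and not rsyslog code. It assumes rsyslog evaluates startmsg.regex as a POSIX extended regular expression; START_RE and group_messages are names chosen for this illustration.

```python
import re

# Candidate start-of-message pattern (assumption, not from the post):
# "[", optional padding spaces, seconds, ".", fraction, "]" at line start.
# Only constructs that mean the same in POSIX ERE and Python's re are used.
# Backslash-free POSIX ERE spelling of the same pattern: ^[[] *[0-9]+[.][0-9]+[]]
START_RE = r"^\[ *[0-9]+\.[0-9]+\]"

# Sample lines copied from the post above.
SAMPLE = """\
[    0.000000] Xen Platform PCI: I/O protocol version 1
[    0.000000] Netfront and the Xen platform PCI driver have been compiled for this kernel: unplug emulated NICs.
[    0.000000] Blkfront and the Xen platform PCI driver have been compiled for this kernel: unplug emulated disks.
You might have to change the root device
from /dev/hd[a-d] to /dev/xvd[a-d]
in your root= kernel command line option
[    0.000000] HVMOP_pagetable_dying not supported
[    0.000000] e820: update [mem 0x00000000-0x00000fff] usable ==> reserved
"""


def group_messages(lines, start_re=START_RE):
    """Fold physical lines into logical messages.

    A line matching start_re opens a new message; any other line is a
    continuation of the message currently being built. Lines seen before
    the first match are kept as a message of their own, not dropped.
    """
    start = re.compile(start_re)
    messages, current = [], []
    for raw in lines:
        line = raw.rstrip("\r\n")
        if start.search(line) and current:
            messages.append("\n".join(current))
            current = []
        current.append(line)
    if current:  # flush the last message at end of input
        messages.append("\n".join(current))
    return messages


if __name__ == "__main__":
    for i, msg in enumerate(group_messages(SAMPLE.splitlines()), 1):
        print(f"--- message {i} ({msg.count(chr(10)) + 1} line(s))")
        print(msg)
```

The bracketed text inside a line, such as `/dev/hd[a-d]` or `[mem 0x...]`, does not start a new message because the pattern is anchored to the beginning of the line.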
