Information: Forum is in read-only mode
For details and other support options see https://www.adiscon.com/news/support-forum-set-to-read-only-mode/

Rsyslog: Configure SD if MSG is empty

This is the place for you, if you got rsyslog up and running but wonder how to make it do what you want.

Moderator: alorbach

Google Ads


Rsyslog: Configure SD if MSG is empty

Postby getk » Fri Feb 23, 2018 11:34 am

hi friends,
We have few network devices sending data in normal msg format and some in Structured format.
We are using RSYSLOG_FileFormat as the default one which can capture "msg" perfectly.
Code: Select all
$template FileFormat,"%TIMESTAMP:::date-rfc3339% %HOSTNAME% %syslogtag%%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\n"

and tried putting a Structured Data template Custom_SD
Code: Select all
$template Custom_SD, "%TIMESTAMP:::date-rfc3339% %HOSTNAME% %MSGID% %STRUCTURED-DATA%\n"

Is there an option in rsyslog to check
if "msg" is null, then log as "structured-format"

Ultimately looking for something like
Code: Select all
*.*   $MYMSGPATH;$RSYSLOG_FileFormat
# if MSG is empty, then only
*.*   $MYSDPATH;$Custom_SD



I could try regex or !contains, but I fear about the performance as it checks for every single event/message.
getk
New
 
Posts: 1
Joined: Fri Feb 23, 2018 11:00 am

Urgent Question?

  • Pulling out your Hair?
  • Wasting Time and Money?
  • Deadline Approaching?

Google Ads


Return to Configuration

Who is online

Users browsing this forum: No registered users and 0 guests

cron