LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 07-31-2016, 08:28 AM   #1
shipon_97
Member
 
Registered: Oct 2005
Location: Bangladesh
Posts: 490

Rep: Reputation: 30
rsyslog template problem !


Friends ,

In rsyslog server , I have to create two separate database with two separate tables and want to keep rsyslog client end log onto this separate database tables . In this reason I have to configure rsyslog server below way :

#Template create name 'events' and 'linux'

$template events,"insert into SystemEvents (Message, Facility, FromHost, Priority, DeviceReportedTime, ReceivedAt, InfoUnitID, SysLogTag, ProcessID) values ('%msg%', %syslogfacility%, '%HOSTNAME%', %syslogpriority%, '%timereported:::date-mysql%', '%timegenerated:::date-mysql%', %iut%, '%syslogtag:R,ERE,1,FIELD[a-zA-Z\/]+)(\[[0-9]{1,5}\])*:--end%', '%syslogtag:R,ERE,1,BLANK:\[([0-9]{1,5})\]--end%')",sql
$template linux,"insert into SystemLinux (Message, Facility, FromHost, Priority, DeviceReportedTime, ReceivedAt, InfoUnitID, SysLogTag, ProcessID) values ('%msg%', %syslogfacility%, '%HOSTNAME%', %syslogpriority%, '%timereported:::date-mysql%', '%timegenerated:::date-mysql%', %iut%, '%syslogtag:R,ERE,1,FIELD[a-zA-Z\/]+)(\[[0-9]{1,5}\])*:--end%', '%syslogtag:R,ERE,1,BLANK:\[([0-9]{1,5})\]--end%')",sql

#define source with if condition
if ($source == '172.20.210.48') then mmysql:127.0.0.1,Syslog,rsyslog,123456;events

if ($source == '192.168.1.41') then mmysql:127.0.0.1,loganalyzerdb,loganalyzer,123456;linux

(#Here ip 172.20.210.48 and 192.168.1.41 are client server)

But problem is all client's log goes to the table 'SystemEvents; of the 1st database .

Would anybody please help me how can I send separate client's log onto separate tables of the two database ?

Waiting for kind reply ... ...
 
Old 08-01-2016, 09:04 AM   #2
Habitual
LQ 5k Club
 
Registered: Jan 2011
Location: Nowhere near you, thank God.
Distribution: OSX Sierra
Posts: 8,591
Blog Entries: 15

Rep: Reputation: Disabled
What file(s) are you editing exactly?
I never had any luck messing with defaults. Leave those alone is my opinion.
I made progress setting what I call "watchfiles" sent to a remote rsyslog server.

It is not clear to me that LogAnalyzer using mongodb can be split like you want.
And it is LogAnalyzer using mongodb?
Version(s)? Method of installation?
Did it ever work? What have you read? Where did you read it?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Resume creator - export options : template vs non-template approach vharishankar Programming 1 12-08-2011 12:11 AM
Problem when autostarting rsyslog gatsby Linux - Software 6 09-25-2008 11:05 AM
Problem I faced in using rsyslog prakash.akumalla Linux - Software 0 06-26-2008 04:13 AM
from django.template import Template, gives output firedancer Linux - Newbie 0 11-30-2007 03:08 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 06:04 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration