Monday, September 19, 2016

Rsyslog + Elasticsearch/Redis backend template

Here is example of template when using redis or Elasticsearch backend for rsyslog. Very usefull along with logstash and kibana.

 

module(load="omhiredis")
template(name="ls_json" type="list" option.json="on")
{ constant(value="{")
constant(value="\"timestamp\":\"") property(name="timegenerated" dateFormat="rfc3339")
constant(value="\",\"message\":\"") property(name="msg")
constant(value="\",\"host\":\"") property(name="fromhost")
constant(value="\",\"host_ip\":\"") property(name="fromhost-ip")
constant(value="\",\"logsource\":\"") property(name="fromhost")
constant(value="\",\"severity_label\":\"") property(name="syslogseverity-text")
constant(value="\",\"severity\":\"") property(name="syslogseverity")
constant(value="\",\"facility_label\":\"") property(name="syslogfacility-text")
constant(value="\",\"facility\":\"") property(name="syslogfacility")
constant(value="\",\"program\":\"") property(name="programname")
constant(value="\",\"pid\":\"") property(name="procid")
constant(value="\",\"syslogtag\":\"") property(name="syslogtag")
constant(value="\"}\n")
}
*.* action(
name="push_redis"
type="omhiredis"
server="127.0.0.1"
mode="queue"
key="syslog"
template="ls_json"
)


 

No comments:

Post a Comment

ESP8266 + InfluxDB + OLED DIsplay and DHT22

Basicly just put together from Examples. Sending data tu InfluxDB was little bit tricky using HTTPClient and POST method for InfluxDB.