rsyslog with filenames

Posted: Tue Mar 26, 2019 2:37 pm
by BanditBBS
So, this is my config file for rsyslog for the files I am sending to Nagios Log Server:

Code:

$ModLoad imfile
$MaxOpenFiles 11000
$InputFilePollInterval 10
$WorkDirectory /var/imfilestate
# Input for FILE_PATH
$InputFileName /ofsh_prod/hdfs/ofsllprd/logs/*.log
$InputFileTag RDN
$InputFileStateFile nls-state-RDN # Must be unique for each file being polled

$InputFilePersistStateInterval 20000
$InputRunFileMonitor

# Forward to Nagios Logserver and then discard.
if $programname == 'RDN' then @@xxxxxxxx.com:5544
if $programname == 'RDN' then ~
I want to add a field to the data containing the filename, which is available via metadata for imfile in rsyslog. I've been reading for days trying to do it and just cannot wrap my head around it, especially since my config files look completely different than the samples I am seeing online.

Has anyone used rsyslog with wildcards and modified the data to include a filename field?

Re: rsyslog with filenames

Posted: Tue Mar 26, 2019 2:54 pm
by cdienger
What version of rsyslog is on the sending machine? Rsyslog does have an option called "addmetadata" that can be used with the input module to add the file name, but it looks like it's available only in newer rsyslog 8 versions.

https://www.rsyslog.com/doc/master/conf ... ddmetadata
https://www.rsyslog.com/using-the-text- ... ut-module/

Here is what I came up with once when having to set this up:

Code:

module(load="imfile" PollingInterval="10")

input(type="imfile" file="/inputfile" tag="tag1:" severity="info" facility="local0" addMetadata="on")

template (name="LongTagForwardFormat" type="string"
string="<%PRI%>%TIMESTAMP:::date-rfc3339% %HOSTNAME% %syslogtag% %$!metadata!filename% %msg%")

action(type="omfwd" Target="192.168.55.3" Port="10514" Protocol="tcp" Template="LongTagForwardFormat")

Re: rsyslog with filenames

Posted: Tue Mar 26, 2019 3:22 pm
by cdienger
You can also use wildcards with this type of config

Code:

...
input(type="imfile" file="/directory/*.log" tag="tag1:" severity="info" facility="local0" addMetadata="on")
...
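
The two approaches in this thread combined, as an added example that is not from either poster: the legacy imfile settings from the first post rewritten in the newer input() syntax with the filename metadata in the forwarded line. The ruleset name "nls_rdn" and template name "NLSWithFilename" are assumptions, and it needs an rsyslog 8 version that supports addMetadata.

```conf
# Added example, not from the thread. Assumed names: ruleset "nls_rdn",
# template "NLSWithFilename". Paths, tag, target and port are from the first post.

# Legacy directive kept exactly as posted.
$MaxOpenFiles 11000

# Replaces $WorkDirectory: imfile keeps its state files here.
global(workDirectory="/var/imfilestate")

# Replaces $ModLoad imfile and $InputFilePollInterval 10.
module(load="imfile" PollingInterval="10")

# One wildcard input replaces $InputFileName / $InputFileTag /
# $InputFilePersistStateInterval / $InputRunFileMonitor.
# addMetadata="on" makes the path of the file each line was read from
# available as the message property $!metadata!filename.
# ruleset="nls_rdn" sends these messages only to the ruleset below.
input(type="imfile"
      File="/ofsh_prod/hdfs/ofsllprd/logs/*.log"
      Tag="RDN"
      PersistStateInterval="20000"
      addMetadata="on"
      ruleset="nls_rdn")

# Same layout as the template in the reply above, with the filename
# placed between the syslog tag and the message text.
template(name="NLSWithFilename" type="string"
         string="<%PRI%>%TIMESTAMP:::date-rfc3339% %HOSTNAME% %syslogtag% %$!metadata!filename% %msg%")

# Messages bound to this ruleset are not processed by the default ruleset,
# so the separate "if $programname == 'RDN' then ~" discard line is not needed.
ruleset(name="nls_rdn") {
    action(type="omfwd" Target="xxxxxxxx.com" Port="5544" Protocol="tcp"
           Template="NLSWithFilename")
}
```

Running `rsyslogd -N1` checks the configuration for syntax errors before the service is restarted.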