I am new to syslog module. I am trying to log messages with structured data by using this parameter in template. But it is showing null value for structured data. I am working with rsyslogd 5.8.11 and rsyslogd 4.8.4 and for both the versions i am getting same results.
I am using the template:
"<%PRI%>%TIMESTAMP:::date-rfc3339%%HOSTNAME%%syslogtag%%APP-NAME%%PROCID%%MSGID% %msg% %STRUCTURED-DATA%\n”
getting message format as below:
<142> 2015-01-29T06:43:53.081641-05:00 localhost login[2116]: login 2116 - [2116 : 2116 INFO]SERIAL Login from IP:127.0.0.1 user:admin -
can someone tell me what I am doing wrong?.I just want to log message with structured data with SD-ID,SD-PARAM in log file.
Best Answer
rsyslog can emit RFC5424 messages with structured data.
But do you also have a way to send RFC5424 messages to rsyslog? -- It should work if you log your messages directly via UDP or TLS. But if you log via traditional BSD Syslog functions then there will not be any structured data, nor any MSGID. (AFAIK NetBSD has the only RFC5424 capable libc with a syslogp() function.)