Rsyslog logging path with custom property

rsyslog

I have an rsyslog server running v7.4.3 receiving a stream with the format:

<PRI>Date hostname app: name=VALUE message

What I need to do is pull the VALUE out of the message, and log it in a file such as /var/log/VALUE/syslog.log

I can get "name=VALUE" out of the message using a regular expression but have no idea how to strip out the "name=" or translate that into the path. Any ideas?

Best Answer

So here's how. Note you need to use rsyslog 7.4.5 or higher, as there's a nasty bug in previous versions that causes rsyslog to crash when using re_extract.

set $!namevalstr = re_extract($msg, "name=([a-zA-Z0-9])+", 0, 0, "name=unknown");
set $!valstr = field($!namevalstr, "=", 2);
$template PerHostSyslog,"/var/log/%$!valstr%/syslog.log
*.* -?PerHostSyslog

And that appears to work.

Best Answer

Related Solutions

What’s causing rsyslog to log $msg**INVALID PROPERTY NAME** instead of the message contents from sonicwall devices

Postgresql – Trouble with backslash characters and rsyslog writing to postgres

Related Topic

What’s causing rsyslog to log $msgINVALID PROPERTY NAME instead of the message contents from sonicwall devices