Save rsyslog messages to dynafile that extracts text from rawmsg

regex rsyslog

We have a few appliances that are sending syslog, unfortunately their hostname are not the same as the actual name configured on the service

I'm running the latest rsyslog version.

Currently I have this saved as a seperate conf file:

template (name="stats" type="string" string="/logs/stats/host-%rawmsg:R,ERE,1,DFLT:gw_name="([^"]*)--end%-%$year%-%$month%-%$day%.log")

local4.*                action(type="omfile" dynaFile="stats")

These do not generate log files.

Sample raw message

Mar 31 17:33:02 localhost root: log_type="stats", local_time="2021/03/31 17:33 BST", mx_ip="10.191.205.240",gw_name="Appliance_NAME", gw_ip="1.0.0.41", version="1.5.0.", model="1000", serial_no="1xxxxxx8", ssl_card="Yes", total_traffic="0", app_traffic="0", cpu="0"

This should save the log file as host-Appliance_NAME-2021-03-31

We have an outdated rsyslog version 5.4 that we need to migrate to latest ones and hence this stiuation.


There is a syntax error in the template, which might have been visible in a test run (rsyslogd -N1). The part string="/logs/...%rawmsg...gw_name="([^"]*)... is using double-quotes inside double-quotes. You need to escape the internal double-quotes with a preceding backslash, ...gw_name=\"([^\"]*)....

Related

AWS: difference between instance snapshot and volume snapshot
Do anacron jobs accumulate?
Issue installing a SQL Security Update on Windows Server 2012 R2
Apache rewrite causes server error 403 when genuine directory exists after extension removal rewrite
Apache 2.4 LDAP lookup sllow
Port accessing error for a docker app on google compute engine VM instance
query user with powershell, output to email
AWS Windows EC2 instance does not recognize assigned IAM role
Chef Private Key Could Not Be Loaded from /user.pem
fs.writeFileSync is not working in cloud functions [closed]
EPEL 7 proftp package only outdated version available 1.3.5e
Do Azure logic apps wait for completion before firing again?