
...

Tailing Files via Inotify; New Config Format:
# add once
module(load="imfile")

# for every file
input(type="imfile"
  File="/var/log/jetty.log"         # the file to monitor
  Tag="jetty:"                       # syslog tag attributed to those events
  ReadMode="2"                      # support indented multi-line logs (requires rsyslog 5.7.5+). For single-line logs use 0. For multi-line logs without indent support use 1.
)

...

 

$template kernelErrors,"<%PRI%>%TIMEREPORTED:::date-rfc3339% %HOSTNAME% %syslogtag%@cee: {\"logsene-app-token\": \"LOGSENE-APP-TOKEN-GOES-HERE\", \"message\": \"%msg:::json%\", \"tags\":[\"kernel errors\", \"urgent issues\"]}\n"

# rsyslog's text names for these values are 'kern' (facility) and 'err' (severity)
if $syslogfacility-text == 'kern' and $syslogseverity-text == 'err' then @@(o)logsene-receiver-syslog.sematext.com;kernelErrors
&~

 

Notice the &~ statement: it discards the matched event after forwarding it, which prevents rsyslog from sending it twice (once with tags and once without). Make sure you place these conditionals before your main Logsene action (the one starting with *.*).
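
The ordering rule above, as a simplified model added here for illustration (it is not rsyslog or Sematext code): rules are walked top to bottom, and the result shows what reaches the receiver with the conditional first, with &~ left out, and with the conditional placed after *.*. The rule and action names are hypothetical, the events are constructed, the filter uses rsyslog's text names kern and err, and Python's json.dumps stands in for %msg:::json%.

```python
import json

TOKEN = "LOGSENE-APP-TOKEN-GOES-HERE"  # placeholder, as on the page

def render_tagged(ev):
    """JSON payload the kernelErrors template places after '@cee: '."""
    # json.dumps(...)[1:-1] stands in for rsyslog's %msg:::json% escaping (assumption)
    msg = json.dumps(ev["msg"])[1:-1]
    return ('{"logsene-app-token": "%s", "message": "%s", '
            '"tags":["kernel errors", "urgent issues"]}' % (TOKEN, msg))

def is_kernel_error(ev):
    return ev["facility"] == "kern" and ev["severity"] == "err"

# Each rule is (filter, actions); names are hypothetical labels for this model.
TAGGED_STOP = (is_kernel_error, ["send_tagged", "discard"])  # conditional + &~
TAGGED_ONLY = (is_kernel_error, ["send_tagged"])             # &~ forgotten
MAIN = (lambda ev: True, ["send_main"])                      # the *.* action

def deliveries(rules, ev):
    """Walk the rules top to bottom; return what is sent to the receiver."""
    sent = []
    for matches, actions in rules:
        if not matches(ev):
            continue
        for action in actions:
            if action == "discard":      # &~ : drop the event, skip later rules
                return sent
            if action == "send_tagged":
                sent.append(("tagged", render_tagged(ev)))
            else:
                sent.append(("untagged", ev["msg"]))
    return sent

# Constructed sample events
KERNEL_ERR = {"facility": "kern", "severity": "err",
              "msg": 'EXT4-fs error (device "sda1"): bad block'}
CRON_INFO = {"facility": "cron", "severity": "info", "msg": "job started"}

if __name__ == "__main__":
    for name, rules in [("conditional + &~ first", [TAGGED_STOP, MAIN]),
                        ("&~ missing", [TAGGED_ONLY, MAIN]),
                        ("conditional after *.*", [MAIN, TAGGED_STOP])]:
        print(name, [kind for kind, _ in deliveries(rules, KERNEL_ERR)])
```

Only the first ordering delivers the kernel error exactly once, and the tagged payload stays valid JSON even though the message contains double quotes.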