
I am new to the syslog module. I am trying to log messages with structured data by using this parameter in a template, but it is showing a null value for structured data. I am working with rsyslogd 5.8.11 and rsyslogd 4.8.4, and for both versions I am getting the same results.

I am using the template:

"<%PRI%>%TIMESTAMP:::date-rfc3339%%HOSTNAME%%syslogtag%%APP-NAME%%PROCID%%MSGID% %msg% %STRUCTURED-DATA%\n"

I am getting the message format below:

<142>  2015-01-29T06:43:53.081641-05:00 localhost login[2116]: login 2116 -  [2116 : 2116 INFO]SERIAL Login from IP:127.0.0.1 user:admin -

Can someone tell me what I am doing wrong? I just want to log messages with structured data, with SD-ID and SD-PARAM, in the log file.

StackUser

2 Answers


rsyslog can emit RFC5424 messages with structured data.

But do you also have a way to send RFC5424 messages to rsyslog? -- It should work if you log your messages directly via UDP or TLS. But if you log via traditional BSD Syslog functions then there will not be any structured data, nor any MSGID. (AFAIK NetBSD has the only RFC5424 capable libc with a syslogp() function.)

mschuett
  • Yes, you are right, I am using Syslog functions. Can you suggest the way I should pass the messages to get structured-data? – StackUser May 20 '15 at 13:58
  • I do not know if rsyslog will read RFC5424 messages from a local socket. That would be the best way, otherwise try to send via UDP. – mschuett May 21 '15 at 08:44
  • I tried to send by UDP also, but I am still getting the same thing: structured-data and msgid as null. Do you have any idea where the structured data things are coming from? Are these things hardcoded in rsyslog, or are they sent by applications? – StackUser May 21 '15 at 14:24
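
The sender side of what the answer above describes, building the RFC 5424 frame directly instead of calling the BSD syslog functions, as an added example that is not part of the original posts. The SD-ID `exampleSDID@32473`, the MSGID `LOGIN`, the parameter names and the UDP target 127.0.0.1:514 are constructed assumptions; the other field values are taken from the log line in the question.

```python
import socket

NIL = "-"  # RFC 5424 NILVALUE, used for any absent header field

def escape_sd_value(value):
    # RFC 5424 section 6.3.3: '\', '"' and ']' inside a PARAM-VALUE
    # must be backslash-escaped; the backslash is handled first.
    out = str(value)
    for ch in ("\\", '"', "]"):
        out = out.replace(ch, "\\" + ch)
    return out

def format_sd(elements):
    """Render {sd_id: {param: value}} as the STRUCTURED-DATA field."""
    if not elements:
        return NIL
    parts = []
    for sd_id, params in elements.items():
        kv = "".join(' %s="%s"' % (k, escape_sd_value(v))
                     for k, v in params.items())
        parts.append("[%s%s]" % (sd_id, kv))
    return "".join(parts)

def format_rfc5424(facility, severity, timestamp, hostname,
                   app, procid, msgid, sd, msg):
    # HEADER = <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID
    pri = facility * 8 + severity
    header = "<%d>1 %s %s %s %s %s" % (
        pri, timestamp, hostname, app, procid or NIL, msgid or NIL)
    return "%s %s %s" % (header, format_sd(sd), msg)

def send_udp(frame, host="127.0.0.1", port=514):
    # Assumed receiver address; one datagram carries one syslog message.
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(frame.encode("utf-8"), (host, port))

# Constructed sample: facility 17, severity 6 gives the <142> seen above.
SAMPLE = format_rfc5424(
    17, 6, "2015-01-29T06:43:53.081641-05:00", "localhost",
    "login", "2116", "LOGIN",
    {"exampleSDID@32473": {"user": "admin", "src": "127.0.0.1"}},
    "SERIAL Login from IP:127.0.0.1 user:admin")

if __name__ == "__main__":
    print(SAMPLE)  # call send_udp(SAMPLE) to put it on the wire
```
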

I am also trying to achieve this. I managed to find out how to emit RFC5424 message format using the template RSYSLOG_SyslogProtocol23Format. However, I do not know how to add fields to the structured data. Also, for what it's worth I'm successfully sending/receiving RFC5424 format using syslog-ng.

faxmodem