New in version 0.5.
Parses rsyslog output using the string-based configuration template.
Config:

- hostname_keep: Always preserve the original 'Hostname' field set by Logstreamer's 'hostname' configuration setting.
- template: The 'template' configuration string from rsyslog.conf. See http://rsyslog-5-8-6-doc.neocities.org/rsyslog_conf_templates.html
- tz: If the rsyslog timestamp field in your template does not carry zone offset information, you may set an offset to be applied to your events here. Typically this would be used with the "Traditional" rsyslog formats. The value is parsed by Go and may be "UTC", "Local", or a location name corresponding to a file in the IANA Time Zone database, e.g. "America/New_York".
Example Heka Configuration

```toml
[RsyslogDecoder]
type = "SandboxDecoder"
filename = "lua_decoders/rsyslog.lua"

[RsyslogDecoder.config]
type = "RSYSLOG_TraditionalFileFormat"
template = '%TIMESTAMP% %HOSTNAME% %syslogtag%%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\n'
tz = "America/Los_Angeles"
```

Example Heka Message

| Field | Value |
|---|---|
| Timestamp | 2014-02-10 12:58:58 -0800 PST |
| Type | RSYSLOG_TraditionalFileFormat |
| Hostname | trink-x230 |
| Pid | 0 |
| UUID | e0eef205-0b64-41e8-a307-5772b05e16c1 |
| Logger | RsyslogInput |
| Payload | "imklog 5.8.6, log source = /proc/kmsg started." |
| EnvVersion | |
| Severity | 7 |
| Fields | name:"programname" value_string:"kernel" |
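
The effect of the tz setting on a traditional-format line, as an added Go example that is not Heka's own code (the decoder itself is the Lua sandbox script named above). `ParseTraditional`, `Event`, the sample line and the year 2014 passed by the caller are assumptions made for illustration; the traditional timestamp carries neither a year nor a zone offset, so the same line lands eight hours apart on a UTC timeline depending on the zone applied.

```go
package main

import (
	"fmt"
	"strings"
	"time"
	_ "time/tzdata" // embedded IANA database, so LoadLocation works on minimal hosts
)

// Event holds the fields recovered from one RSYSLOG_TraditionalFileFormat line.
type Event struct {
	Time                       time.Time
	Hostname, Program, Payload string
}

// ParseTraditional (hypothetical helper) parses "%TIMESTAMP% %HOSTNAME% %syslogtag%%msg%".
// The timestamp has no year and no zone offset, so the caller supplies both.
func ParseTraditional(line, tz string, year int) (Event, error) {
	if len(line) < 16 || line[15] != ' ' {
		return Event{}, fmt.Errorf("no 15-character traditional timestamp")
	}
	loc, err := time.LoadLocation(tz) // accepts "UTC", "Local" or an IANA name
	if err != nil {
		return Event{}, err
	}
	stamp := fmt.Sprintf("%d %s", year, line[:15])
	ts, err := time.ParseInLocation("2006 Jan _2 15:04:05", stamp, loc)
	if err != nil {
		return Event{}, err
	}
	parts := strings.SplitN(strings.TrimRight(line[16:], "\n"), " ", 3)
	if len(parts) < 3 {
		return Event{}, fmt.Errorf("expected hostname, tag and message")
	}
	prog := strings.TrimRight(parts[1], ":")
	if i := strings.IndexByte(prog, '['); i >= 0 {
		prog = prog[:i] // drop a "[pid]" suffix from the tag
	}
	return Event{Time: ts, Hostname: parts[0], Program: prog, Payload: parts[2]}, nil
}

func main() {
	// Constructed sample line matching the example message on this page.
	line := "Feb 10 12:58:58 trink-x230 kernel: imklog 5.8.6, log source = /proc/kmsg started.\n"
	for _, tz := range []string{"America/Los_Angeles", "UTC"} {
		ev, err := ParseTraditional(line, tz, 2014)
		fmt.Println(tz, ev.Time.UTC().Format(time.RFC3339), ev.Program, err)
	}
}
```

When correlating these events with sources that log in UTC, confirm the tz value matches the zone the sending host actually wrote its timestamps in.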