Hello Khushil, I think this thread has a lot of of starting points in it, although I didn't get to test them all until now:
http://comments.gmane.org/gmane.comp.sysutils.rsyslog/9505 So far, I've tried two things: - forwarding via UDP - reading from a file And they both worked, provided that I've added this to the config: $EscapeControlCharactersOnReceive off And also a $MaxMessageSize that is big enough to accommodate my huge stacktraces. Because what I needed was to use rsyslog to forward my Jetty logs to Elasticsearch. So, with imfile<http://www.rsyslog.com/doc/imfile.html>, I could just read logs with ReadMode 2 and that's it. With UDP, I had to use Logback's syslog appender<http://logback.qos.ch/manual/appenders.html#SyslogAppender>to send logs via UDP to syslog and it all magically worked :) I guess the solution depends on how your particular use-case would look like. So if I were your I'd just try the solution that sounds like the best fit and come back here for questions if you get stuck. Logstash is also a great tool, so you might want to look it up and see what are the advantages and disadvantages. Best regards, Radu 2013/7/13 Khushil Dep <[email protected]> > Hey all, > > Would anyone please point me in the direction of any documentation or > patterns on how to deal with multiline messages needing to be sent to > syslog. > > Some of our messages also spit out as JSON – could rsylog interpret these > or should we look to logstash for this? > > -- > Khushil Dep > > ______________________________________________________________________ > This e-mail and any attached files are intended for the named addressee > only. It contains information, which may be confidential and legally > privileged and also protected by copyright. Unless you are the named > addressee (or authorised to receive for the addressee) you may not copy or > use it, or disclose it to anyone else. If you received it in error please > notify the sender immediately and then delete it from your system. Please > be advised that the views and opinions expressed in this e-mail may not > reflect the views and opinions of Associated Newspapers Limited or any of > its subsidiary companies. We make every effort to keep our network free > from viruses. However, you do need to check this e-mail and any attachments > to it for viruses as we can take no responsibility for any computer virus > which may be transferred by way of this e-mail. Use of this or any other > e-mail facility signifies consent to any interception we might lawfully > carry out to prevent abuse of these facilities. > Associated Newspapers Ltd. Registered Office: Northcliffe House, 2 Derry > St, Kensington, London, W8 5TT. Registered No 84121 England. > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com/professional-services/ > What's up with rsyslog? Follow https://twitter.com/rgerhards > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > DON'T LIKE THAT. > _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
