We have purchased a cloud-based application with multi-tenant support that we
have deployed for ourselves and a number of our customers. This particular
cloud-based application has a custom token assigned and defined for each and
every customer that we have, including ourselves, for ease of identification.

This cloud-based application that we're using at the moment has a section
in its settings to configure the SYSLOG connectivity details of the preferred
syslog application / service, such as rsyslog or syslog-ng, with the IP /
hostname of the syslog server, TCP / UDP port, syslog severity, syslog facility,
etc., and it is in that very section, or should I say location, where the
option for the custom token is also defined. We were also able to confirm with
the vendor that the option to output the custom token through SYSLOG is readily
available.

However, when rsyslog was deployed on an Ubuntu Server VM and connected to this
particular cloud-based application, it started sending all the SYSLOG data
without an issue except for the custom token, and now we have a hard time
distinguishing which syslog message belongs to which customer.

We don't want to manually add the custom token details in a template or a
JSON script in the rsyslog.conf file as it will become quite cumbersome to
manage with the increasing number of customers in the future.

What we simply want is for all the original SYSLOG messages generated by the
rsyslog server to display the custom token automatically without any manual
configuration of the custom token in the rsyslog.conf configuration file.
Any suggestion on how to achieve this is greatly appreciated.
Below is the rsyslog.conf file used in our rsyslog Ubuntu Server VM deployment:
# /etc/rsyslog.conf Configuration file for rsyslog.
#
# For more information see
# /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html
#
# Default logging rules can be found in /etc/rsyslog.d/50-default.conf
#################
#### MODULES ####
#################
module(load="imuxsock") # provides support for local system logging
#module(load="immark") # provides --MARK-- message capability
# provides UDP syslog reception
#module(load="imudp")
#input(type="imudp" port="514")
# provides TCP syslog reception
module(load="imtcp")
input(type="imtcp" port="6514")
# Template 1
$template RemoteSource, "/var/log/%FROMHOST-IP%.log"
*.* ?RemoteSource
# provides kernel logging support and enable non-kernel klog messages
module(load="imklog" permitnonkernelfacility="on")
###########################
#### GLOBAL DIRECTIVES ####
###########################
#
# Use traditional timestamp format.
# To enable high precision timestamps, comment out the following line.
#
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
# Filter duplicated messages
$RepeatedMsgReduction on
#
# Set the default permissions for all log files.
#
$FileOwner syslog
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022
$PrivDropToUser syslog
$PrivDropToGroup syslog
#
# Where to place spool and state files
#
$WorkDirectory /var/spool/rsyslog
#
# Include all config files in /etc/rsyslog.d/
#
$IncludeConfig /etc/rsyslog.d/*.conf
Rgds,
Amila