Hi.
Which *property* would be "*queries*" when processing the following line?
01-Mar-2023 13:20:23.998 *queries*: info: client @0x7fb258b56d80
30.0.30.142#59640 (e8333.g.akamaiedge.net): view internal-view: query:
e8333.g.akamaiedge.net IN A +E(0)D (192.168.2.254)
AFAIK, *programname*, but with the following configuration it returns
*dns-query* :(
module(load="imfile")
template(name="json" type="list" option.json="on") {
constant(value="{")
constant(value="\"@source_timestamp\":\"")
property(name="timereported" dateFormat="rfc3339")
constant(value="\",\"source_message\":\"")
property(name="msg")
constant(value="\",\"source_hostname\":\"")
property(name="hostname")
constant(value="\",\"source_severity\":\"")
property(name="syslogseverity-text")
constant(value="\",\"source_facility\":\"")
property(name="syslogfacility-text")
constant(value="\",\"source_tag\":\"")
property(name="syslogtag")
constant(value="\",\"source_app\":\"")
property(name="*programname*")
constant(value="\",\"source_filename\":\"")
property(name="$.filename")
constant(value="\"}\n")
}
input(type="imfile" file="/var/log/bind/DNSquery.log" addMetadata="on" tag="
*dns-query*" ruleset="syslog")
ruleset(name="syslog") {
set $.filename = $!metadata!filename;
action(type="omfwd" target="myserver" port="514" protocol="udp"
template="json")
}
Thanks a lot for your help
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
