Hi,
This is the output generated:
Debug line with all properties:
FROMHOST: '172.26.0.31', fromhost-ip: '172.26.0.31', HOSTNAME:
'172.26.0.31', PRI: 43,
syslogtag '', programname: '', APP-NAME: '-', PROCID: '-', MSGID: '-',
TIMESTAMP: 'Mar 21 12:03:20', STRUCTURED-DATA: '-',
msg: '<43>934417: SWPABB1ACCP01: [syslog@9 #000�#034#003H
#017���#034#003H #017�#001#001L#001�#000#000�#0
34#003�
#010�#001#001K#005�#000#000#001)#000#000�#001#000#000#000#000#000#000#000#000��#000#000#000#000�ͫ�#000#000#000#001#000#017#013�3#000#000#000#016#000#003#000#036#000#023#005�#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#00'
escaped msg: '<43>934417: SWPABB1ACCP01: [syslog@9 #000�#034#003H
#017���#034#003H #017�#001#001L#001�#000#000�#034#003�
#010�#001#001K#005�#000#000#001)#000#000�#001#000#000#000#000#000#000#000#000��#000#000#000#000�ͫ�#000#000#000#001#000#017#013�3#000#000#000#016#000#003#000#036#000#023#005�#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#00'
inputname: imtcp rawmsg: '<43>934417: SWPABB1ACCP01: [syslog@9
#000�#034#003H #017���#034#003H #017�#001#001L#001�#000#000�#034#003�
#010�#001#001K#005�#000#000#001)#000#000�#001#000#000#000#000#000#000#000#000��#000#000#000#000�ͫ�#000#000#000#001#000#017#013�3#000#000#000#016#000#003#000#036#000#023#005�#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000'
$!:
$.:
$/:
Below is the configuration in place:
$DebugFile /var/log/rsyslogdebug.log
$DebugLevel 2
template(name="RSYSLOG_DebugFormat" type="list") {
constant(value="Debug line with all properties:\nFROMHOST: '")
property(name="fromhost")
constant(value="', fromhost-ip: '")
property(name="fromhost-ip")
constant(value="', HOSTNAME: '")
property(name="hostname")
constant(value="', PRI: '")
property(name="pri")
constant(value=",\nsyslogtag '")
property(name="syslogtag")
constant(value="', programname: '")
property(name="programname")
constant(value="', APP-NAME: '")
property(name="app-name")
constant(value="', PROCID: '")
property(name="procid")
constant(value="', MSGID: '")
property(name="msgid")
constant(value="',\nTIMESTAMP: '")
property(name="timereported")
constant(value="', STRUCTURED-DATA: '")
property(name="structured-data")
constant(value="',\nmsg: '")
property(name="msg")
constant(value="'\nescaped msg: '")
property(name="msg" controlcharacters="drop")
constant(value="'\ninputname: ")
property(name="inputname")
constant(value=" rawmsg: '")
property(name="rawmsg")
constant(value="'\n$!:")
property(name="$!")
constant(value="\n$.:")
property(name="$.")
constant(value="\n$/:")
property(name="$/")
constant(value="\n\n")
}
#Modules
module(load="imtcp")
module(load="pmciscoios")
#Inputs
input(type="imtcp" port="20514" ruleset="rsyslogswitchs")
#Parsers
parser(name="custom.ciscoios.withOrigin" type="pmciscoios" present.origin="on")
#Rules
ruleset(name="rsyslogswitchs" parser="custom.ciscoios.withOrigin"){
*.* /var/log/remote-syslog/testesw3.log;RSYSLOG_DebugFormat
}
Best,
Pedro
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
