Hi everybody:

I have a logserver in a Docker container with the "official" image (Rsyslog/syslog_appliance_alpine) running successfully, and getting logs from physical hosts on my LAN and from other Docker containers hosted locally.

I'm having a problem with a TP-Link router running OpenWrt that is sending logs to my logserver. This is its configuration:

    root@wrt:~# cat /etc/config/system
            option hostname 'wrt'
            option log_hostname 'wrt'
            option zonename 'Europe/Madrid'
            #option timezone 'UTC'
            option timezone 'CET-1CEST,M3.5.0,M10.5.0/3'
            option log_ip 'IP HOST LOGSERVER'
            option log_port '514'
            option log_proto 'tcp'
            option log_remote '1'
            option cronloglevel '0'
            option conloglevel '8'
            option klogconloglevel '8'
            option log_prefix 'openwrt'
            option log_size 64
            #option buffersize 1024
            option log_trailer_null \0
            option log_file '/var/log/messages'

I've set the TCP option because UDP isn't running (I don't know why). The logserver receives all of its logs in one line, without separating any line, in this format:

    .
    openwrt: hostapd: wlan0: STA 1e:bf:ce:0c:54:a4 WPA: group key handshake completed (RSN)openwrt: hostapd: wlan0: STA 20:57:9e:6e:24:6b WPA: group key handshake completed (RSN)openwrt: hostapd: wlan0: STA 1e:bf:ce:0c:54:a4 WPA: group key handshake completed (RSN)openwrt: hostapd: wlan0: STA 20:57:9e:6e:24:6b WPA: group key handshake completed (RSN)
    .

With this template:

    template(name="tFileFormatwrt" type="list") {
        property(name="timereported" dateformat="year")
        property(name="timereported" dateformat="month")
        property(name="timereported" dateformat="day")
        constant(value="-")
        property(name="timereported" dateformat="hour")
        constant(value=":")
        property(name="timereported" dateformat="minute")
        constant(value=":")
        property(name="timereported" dateformat="second")
        constant(value=" ")
        #property(name="syslogtag")
        property(name="app-name")
        constant(value=" ")
        property(name="msg")
        constant(value="\n")
    }

And if I set debug with this template:

    template(name="tLogDEBUG" type="list") {
        constant(value="Debug line with all properties:\nFROMHOST: '")
        property(name="fromhost")
        constant(value="'\nHOSTNAME: '")
        property(name="hostname" caseConversion="lower")
        constant(value="'\nPROGRAMNAME: '")
        property(name="programname" caseConversion="lower")
        constant(value="'\nFROMHOST-IP: '")
        property(name="fromhost-ip" caseConversion="lower")
        constant(value="'\nSYSLOGTAG: '")
        property(name="syslogtag" caseConversion="lower")
        constant(value="-")
        constant(value="'\nAPP-NAME: '")
        property(name="app-name" caseConversion="lower")
        constant(value="'\nPROCID: '")
        property(name="procid" caseConversion="lower")
        constant(value="'\nMSGID: '")
        property(name="msgid" caseConversion="lower")
        constant(value="'\nINPUTNAME: '")
        property(name="inputname" caseConversion="lower")
        constant(value="'\nPRI: '")
        property(name="pri")
        constant(value="'\nSTRUCTURED-DATA: ")
        property(name="structured-data")
        constant(value="',\nMSG: '")
        property(name="msg" controlcharacters="drop")
        constant(value="',\nRAWMSG: '")
        property(name="rawmsg")
        constant(value="\n\n")
    }

I receive it in this format:

    Debug line with all properties:
    FROMHOST: '172.20.0.1'
    HOSTNAME: '172.20.0.1'
    PROGRAMNAME: 'openwrt'
    FROMHOST-IP: '172.20.0.1'
    SYSLOGTAG: 'openwrt:-'
    APP-NAME: 'openwrt'
    PROCID: '-'
    MSGID: '-'
    INPUTNAME: 'imtcp'
    PRI: '13'
    STRUCTURED-DATA: -',
    MSG: ' logread[749]: Logread connected to 192.168.5.10:514openwrt: hostapd: wlan0: STA 1e:bf:ce:0c:54:a4 WPA: group key handshake completed (RSN)openwrt: hostapd: wlan1: STA 20:57:9e:6e:24:6b WPA: group key handshake completed (RSN)openwrt: netifd: lan (885): Sending renew...openwrt: netifd: lan (885): Lease of 192.168.5.11 obtained, lease time 3600openwrt: syslog: - shutdown -',
    RAWMSG: 'openwrt: logread[749]: Logread connected to 192.168.5.10:514openwrt: hostapd: wlan0: STA 1e:bf:ce:0c:54:a4 WPA: group key handshake completed (RSN)openwrt: hostapd: wlan1: STA 20:57:9e:6e:24:6b WPA: group key handshake completed (RSN)openwrt: netifd: lan (885): Sending renew...openwrt: netifd: lan (885): Lease of 192.168.5.11 obtained, lease time 3600openwrt: syslog: - shutdown -

I don't know how to save logs from this host with a line separator after each real line, because the source host doesn't seem to send it.

Any idea?

Thank you

Best Regards,
Alberto
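
The symptom described in the message above, as an added example (not part of the original post, and not rsyslog or OpenWrt code): on plain TCP a receiver can only separate syslog records at a byte it treats as a frame delimiter, so records ended by any other byte arrive as one message. It assumes the router ends each record with a NUL byte, as the `log_trailer_null` option in the posted configuration suggests; `FrameSplitter`, `split_stream` and the sample chunks are constructed for illustration.

```python
# Added illustration: non-transparent framing of syslog over plain TCP.
# Assumption: the sender ends each record with NUL (0x00) instead of LF.

class FrameSplitter:
    """Incrementally split a TCP byte stream into syslog records."""

    def __init__(self, delimiters=b"\n", max_len=8192):
        self.delimiters = set(delimiters)  # byte values that end a record
        self.max_len = max_len             # cap so a missing delimiter cannot grow the buffer forever
        self.buf = bytearray()

    def feed(self, chunk):
        """Consume one recv() chunk and return the records completed by it."""
        records = []
        for byte in chunk:
            if byte in self.delimiters:
                if self.buf:               # ignore empty frames such as "\0\n"
                    records.append(bytes(self.buf))
                self.buf.clear()
            else:
                self.buf.append(byte)
                if len(self.buf) >= self.max_len:
                    records.append(bytes(self.buf))  # forced split at the size cap
                    self.buf.clear()
        return records

    def flush(self):
        """Return whatever is still buffered when the connection closes."""
        rest, self.buf = bytes(self.buf), bytearray()
        return [rest] if rest else []

def split_stream(chunks, delimiters):
    """Run a sequence of TCP segments through one splitter."""
    splitter = FrameSplitter(delimiters)
    out = []
    for chunk in chunks:
        out.extend(splitter.feed(chunk))
    return out + splitter.flush()

# Constructed sample: three records taken from the post, NUL-terminated and
# cut into two TCP segments in the middle of the second record.
SAMPLE_CHUNKS = [
    b"openwrt: netifd: lan (885): Sending renew...\x00openwrt: netifd: lan (885): Lease of 192.",
    b"168.5.11 obtained, lease time 3600\x00openwrt: syslog: - shutdown -\x00",
]

if __name__ == "__main__":
    print(len(split_stream(SAMPLE_CHUNKS, b"\n")), "record(s) when only LF ends a frame")
    for rec in split_stream(SAMPLE_CHUNKS, b"\n\x00"):
        print(rec.decode())
```

With LF as the only delimiter the whole connection collapses into a single record, which matches the merged MSG and RAWMSG fields in the debug output; accepting NUL as a delimiter as well recovers the individual lines, including the one split across two segments.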