
Rsyslog Properties

To use Rsyslog well, you need to create templates that fit the desired output format; templating is an essential function of Rsyslog. Detailed templates are covered later. First, let's see what a template is.

The Rsyslog documentation introduces templates as a key feature of Rsyslog:
  • They produce the format the user wants.
  • They create files dynamically.
  • They give database users a way to customize output by using appropriate SQL.

Template Example

template(name="tpl1" type="list") {
    constant(value="Syslog MSG is: '")
    property(name="msg")
    constant(value="', ")
    property(name="timereported" dateFormat="rfc3339" caseConversion="lower")
    constant(value="\n")
}

If you define a template as above, logs are written in that format. To define a template, however, you need to know the properties that Rsyslog provides. In this post, I will try to summarize the Rsyslog properties.

| Property | Description |
|---|---|
| msg | Message (MSG) part of the syslog message |
| fromhost | Hostname of the system that transmitted the message |
| fromhost-ip | Same as fromhost, but as an IP address |
| syslogtag | TAG of the syslog message |
| programname | Static part of the tag, as defined by BSD syslogd |
| pri | PRI value of the syslog message |
| syslogfacility | Facility of the syslog message |
| syslogfacility-text | Facility of the syslog message in text form |
| syslogseverity | Severity of the syslog message in numerical form |
| syslogseverity-text | Severity of the syslog message in text form |
| timegenerated | Timestamp of when the message was received |
| timereported | Timestamp of when the message was reported |
| timestamp | Same as timereported |
| app-name | APP-NAME field defined in the IETF draft draft-ietf-syslog-protocol |


You will mainly write templates using the properties above. Next, let's create a template with an example.
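
A template built from the properties listed above, as an added example that is not from the original post: it writes each received message as one JSON line and names the output file dynamically. The names siemJson, perHostFile and remote, UDP port 514 and the /var/log/remote path are assumptions.

```conf
# Added example; siemJson, perHostFile, the "remote" ruleset, port 514 and
# /var/log/remote are assumed names and values, not taken from the post.
module(load="imudp")
input(type="imudp" port="514" ruleset="remote")

# One JSON object per line. format="jsonf" emits "outname":"value" and
# JSON-escapes the value, so quotes or newlines inside msg stay in one field.
template(name="siemJson" type="list") {
    constant(value="{")
    property(outname="received" name="timegenerated" dateFormat="rfc3339" format="jsonf")
    constant(value=",")
    property(outname="reported" name="timereported" dateFormat="rfc3339" format="jsonf")
    constant(value=",")
    property(outname="src_host" name="fromhost" format="jsonf")
    constant(value=",")
    property(outname="src_ip" name="fromhost-ip" format="jsonf")
    constant(value=",")
    property(outname="facility" name="syslogfacility-text" format="jsonf")
    constant(value=",")
    property(outname="severity" name="syslogseverity-text" format="jsonf")
    constant(value=",")
    property(outname="tag" name="syslogtag" format="jsonf")
    constant(value=",")
    property(outname="program" name="programname" format="jsonf")
    constant(value=",")
    property(outname="msg" name="msg" format="jsonf")
    constant(value="}\n")
}

# Dynamic file name: one directory per sending IP, one file per program.
# secpath-replace turns "/" in the sender-supplied program name into "_",
# so the value cannot add path components.
template(name="perHostFile" type="string"
         string="/var/log/remote/%fromhost-ip%/%programname:::secpath-replace%.log")

ruleset(name="remote") {
    action(type="omfile" dynaFile="perHostFile" template="siemJson")
}
```

Recording both timegenerated and timereported lets a reviewer spot senders whose reported time drifts from the time the message actually arrived.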
