
    Rsyslog + Elasticsearch/Redis backend template


    2016 - 09.19

    Here is an example of an rsyslog template for use with a Redis or Elasticsearch backend. It is very useful together with Logstash and Kibana.

     

    # Load the Redis output module (libhiredis based). The Elasticsearch
    # variant mentioned in the text would load omelasticsearch the same way.
    module(load="omhiredis")
    # Render each syslog message as one single-line JSON document.
    # option.json="on" JSON-escapes every property() value below (quotes,
    # backslashes, control characters), so a message whose text contains a
    # `"` or a newline cannot terminate the string early or inject extra
    # fields. The constant() pieces are the fixed JSON punctuation and keys.
    template(name="ls_json" type="list" option.json="on")
       { constant(value="{")
         # timegenerated is the time rsyslog received the message, not the
         # timestamp carried in the message itself (that would be timereported).
         constant(value="\"timestamp\":\"")         property(name="timegenerated" dateFormat="rfc3339")
         # msg is sender-controlled text. Escaping keeps the JSON well-formed;
         # downstream consumers should still treat it as data, not as markup.
         constant(value="\",\"message\":\"")         property(name="msg")
         # fromhost / fromhost-ip describe the peer the message arrived from
         # (the last relay hop), not necessarily the host that produced it.
         constant(value="\",\"host\":\"")            property(name="fromhost")
         constant(value="\",\"host_ip\":\"")         property(name="fromhost-ip")
         # logsource is a duplicate of host: both read fromhost.
         constant(value="\",\"logsource\":\"")       property(name="fromhost")
         # Severity and facility, each as the textual label plus the numeric code.
         constant(value="\",\"severity_label\":\"")  property(name="syslogseverity-text")
         constant(value="\",\"severity\":\"")        property(name="syslogseverity")
         constant(value="\",\"facility_label\":\"")  property(name="syslogfacility-text")
         constant(value="\",\"facility\":\"")        property(name="syslogfacility")
         # Note that pid, severity and facility are emitted as JSON strings
         # (wrapped in quotes), not numbers; map them accordingly on the index side.
         constant(value="\",\"program\":\"")         property(name="programname")
         constant(value="\",\"pid\":\"")             property(name="procid")
         constant(value="\",\"syslogtag\":\"")       property(name="syslogtag")
         # Close the object; the trailing newline delimits one record per line.
         constant(value="\"}\n")
       } 
    # Send every facility and severity (*.*) to Redis. mode="queue" pushes each
    # rendered ls_json record onto the Redis list named by key, which a
    # Logstash redis input can then pop. No authentication or transport
    # encryption is configured on this connection, so keep server on loopback
    # (as here) or on a network segment you trust.
    *.* action(
      name="push_redis"
      type="omhiredis"
      server="127.0.0.1"
      mode="queue"
      key="syslog"
      template="ls_json"
    )