Can't use $msgid to filter rsyslog message #3592
Comments
|
Not sure if the old version supports that, but in current rsyslog you can disable the special parser: more info: https://www.rsyslog.com/doc/v8-stable/configuration/modules/imuxsock.html |
|
Please write a test log using the template RSYSLOG_DebugFormat, that will show
us exactly what you are receiving and then we can figure out what's happening.
David Lang
|
|
Hi Rainer Gerhards and David Lang,
I tried to use RSYSLOG_DebugFormat and log a test message and it seems there is no msgid field at all. Please see log example below: logger "Testing testing" --msgid "testmsgid" --rfc5424Debug line with all properties: Do you know why MSGID: '-'? It supposed to be "testmsgid" in this example. Thanks and regards, |
|
answer in #3592 (comment) |
|
Just to clarify in case somebody doesn't get it like me when I read this thread for the first time: Rsyslog doesn't support the RFC5424 format by default. You have to turn this "UseSpecialParser" off. Only then will it recognize this msgid field (as well as the structured-data) coming from tools like logger that support this format. Another gotcha I found is that it's impossible to write a message in this format using the POSIX |
Hi All,
I'm using rsyslog 8.4.0 and try to log a msg with RFC5424 with msgid.
For example:
logger "Testing testing" --msgid "testmsgid" --rfc5424
But when I configure the rsyslog.conf to filter the msg base on msgid, I can't see that log msg.
Here is my rsyslog.conf
if $msgid contains "testmsgid" then {
. /var/log/test.log
}
I still can see "testmsgid" in the rawmsg, but I can fetch it via variable $msgid.
Does anyone has any idea how to fetch msgid field? Or is this a known problem in rsyslog?
Thanks a lot for your support,
Tom
The text was updated successfully, but these errors were encountered: