How to use set variable and exec_template
As of version 7.5.8, 8.1.4 and the soon to be released 7.6.0, there is a new function available. You can now fill variables with dynamic data through a template. The new function is called exec_template.
Basically, you will set a variable with either a static value or from a given property as described before. But there are cases, where this is not appropriate. For example, if you want to filter for some specific data from $msg, but cannot use the filter on the whole property because of possible multiple occurences. Please note, that the following is just a basic example and exec_template can be used for a large variety of other cases as well.
First, we need to define a template. In our case, we want to extract a specific field from the $msg property.
template(name="extract" type="string" string="%msg:F:5%")
If this template was used to write to a file, the output would resemble the fifth field from a TAB delimited log message. This could also be more specific to extract only specific characters from a field, delimited by other characters than TAB. Or you could even use complex regex functions in the template to extract the data you want.
Now we need to fill a custom variable. This is where exec_template will be used.
set $!xyz = exec_template("extract");
Instead of a already known value or property name, we call the function and give it the template that should be executed. This will result in the variable being filled with the content of the fifth field from %msg property. Now you can use this variable for filters or even other templates. Here are some examples:
if $!xyz contains 'abc' then {action()}
template(name="DynaFile" type="string" string="/var/log/%$!xyz%-data/%timereported%-%$!xyz%.log")
As you can see there are many useful possibilities and using exec_template is rather easy.
If you have additional ideas for use-cases that should be described, please let us know.
rsyslog 7.5.8 (v7-devel) released
Users are suggested to try out this versions and report errors. If we don’t learn of serious problems, we will most probably release 7.6.0 next week based on this code here.
More detailed information is available in the changelog.
ChangeLog:
http://www.rsyslog.com/changelog-for-7-5-8-v7-devel/
Download:
http://www.rsyslog.com/rsyslog-7-5-8-v7-devel/
As always, feedback is appreciated.
Best regards,
Florian Riedl
rsyslog 7.5.8 (v7-devel)
Download file name: rsyslog 7.5.8 (devel)
rsyslog 7.5.8 (devel)
sha256 hash: 38a8b5be53feaae9225e46f2c93d7c
Author: Rainer Gerhards (rgerhards@adiscon.com)
Version: 7.5.8 File
size: 2.595 MB
Changelog for 7.5.8 (v7-devel)
Version 7.5.8 [v7-release candidate] 2014-01-09
- add exec_template() RainerScript function
- add debug.onShutdown and debug.logFile global paramters
These enebale the new “debug on shutdown” mode, which can be used to track hard to find problems that occur during system shutdown. - Add directives for numerically specifying GIDs/UIDs
The already present directives (FileOwner, FileGroup, DirOwner, DirGroup) translate names to numerical IDs, which depends on the user information being available during rsyslog’s startup. This can fail if the information is obtained over a network or from a service such as SSSD. The new directives provide a way to specify the numerical IDs directly and bypass the lookup.
Thanks to Tomas Heinrich for the patch. - actions now report if they suspend and resume themselves
this is by default on and controllable by the action.reportSuspension global parameter - bugfix: omelasticsearch fail.es stats counter was improperly maintained
- bugfix: mmrfc5424addhmac: “key” parameter was not properly processed
- add new impstats action counters:
- * suspended
- * suspended.duration
- * resumed