How to use set variable and exec_template

As of version 7.5.8, 8.1.4 and the soon to be released 7.6.0, there is a new function available. You can now fill variables with dynamic data through a template. The new function is called exec_template.

Basically, you will set a variable with either a static value or from a given property as described before. But there are cases, where this is not appropriate. For example, if you want to filter for some specific data from $msg, but cannot use the filter on the whole property because of possible multiple occurences. Please note, that the following is just a basic example and exec_template can be used for a large variety of other cases as well.

First, we need to define a template. In our case, we want to extract a specific field from the $msg property.

template(name="extract" type="string" string="%msg:F:5%")

If this template was used to write to a file, the output would resemble the fifth field from a TAB delimited log message. This could also be more specific to extract only specific characters from a field, delimited by other characters than TAB. Or you could even use complex regex functions in the template to extract the data you want.

Now we need to fill a custom variable. This is where exec_template will be used.

set $!xyz = exec_template("extract");

Instead of a already known value or property name, we call the function and give it the template that should be executed. This will result in the variable being filled with the content of the fifth field from %msg property. Now you can use this variable for filters or even other templates. Here are some examples:

if $!xyz contains 'abc' then {action()}
template(name="DynaFile" type="string" string="/var/log/%$!xyz%-data/%timereported%-%$!xyz%.log")

As you can see there are many useful possibilities and using exec_template is rather easy.

If you have additional ideas for use-cases that should be described, please let us know.

rsyslog 8.1.4 (v8-devel) released

We have just released 8.1.4 of the v8-devel branch.

This release adds the capability to set a variable based on a template. It also adds KEEPALIVE support to the RELP modules (which now require librelp 1.2.2+ for this reason). It also adds some usability enhancements and bug fixes.

Note that this release can be considered a “normal” devel version, with moderate risk associated to it. Experience in the past weeks suggest so. Special thanks to Pavel Levshin for all his work and tests. Still note that there is a considerably higher risk running the devel version than the stable one.





Feedback is *very much* appreciated.

Best regards,
Florian Riedl

Changelog for 8.1.4 (v8-devel)

Version 8.1.4 [devel] 2014-01-10

  • add exec_template() RainerScript function
  • imrelp: support for TCP KEEPALIVE added
  • bumped librelp dependency to 1.2.2 to support new KEEPALIVE feature
  • Add directives for numerically specifying GIDs/UIDs
    The already present directives (FileOwner, FileGroup, DirOwner, DirGroup) translate names to numerical IDs, which depends on the user information being available during rsyslog’s startup. This can fail if the information is obtained over a network or from a service such as SSSD. The new directives provide a way to specify the numerical IDs directly and bypass the lookup.
    Thanks to Tomas Heinrich for the patch.
  • bugfix: action commitTransaction() processing did not properly handle suspended actions
  • bugfix: omelasticsearch fail.es stats counter was improperly maitained
Scroll to top