Good afternoon,
I want to import text files into rsyslog using the imfile file input module. However, rsyslog does not parse the contents of the text files as I expected, and I am struggling to find documentation on exactly how to do this. To verify the installation, I read from a text file with imfile and then write the logs to another text file with omfile.
The content of the text file is a log in the standard syslog format:
<PRI>TIMESTAMP HOSTNAME MESSAGE
An example of a text file (example_file.txt) that I want to import into rsyslog is as follows:
    <34>Feb 15 12:12:12 hostname1 tag1: message1
    <34>Feb 16 12:12:12 hostname2 tag2: message2
    <34>Feb 17 12:12:12 hostname3 tag3: message3
My configuration file for rsyslog in rsyslog.d is as follows:
    module(load = "imfile")
    input(type = "imfile" file = "/home/.../Desktop/example_file.txt" Tag = "example")
    action(type = "omfile" file = "/home/.../Desktop/example_output.log")
The result in example_output.log looks like this:
    Feb 15 17:10:21 username example <34>Feb 15 12:12:12 hostname1 tag1: message1
    Feb 15 17:10:21 username example <34>Feb 16 12:12:12 hostname1 tag2: message2
    Feb 15 17:10:21 username example <34>Feb 17 12:12:12 hostname1 tag3: message3
As you can see, all the contents of example_file.txt are placed in the MSG field of the resulting log in example_output.log, instead of the field information being used and placed in the right places, e.g. TIMESTAMP, HOSTNAME, TAG, MSG. I played with different formats in the .txt file and even saved the .txt file as a .log file, but every time rsyslog puts all the content in the MSG field.
My question is:
How can I tell rsyslog and imfile that my .txt content is actually a log and have it parsed correctly?
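The field split the question expects for its `<PRI>TIMESTAMP HOSTNAME MESSAGE` lines, as an added example that is not part of the original post and is not rsyslog's own parser. The regular expression and the names `parse_line` and `parse_all` are assumptions made for illustration; the sample lines are copied from the question.

```python
import re

# Line layout shown in the question: <PRI>TIMESTAMP HOSTNAME TAG: MSG
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<timestamp>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<hostname>\S+) "
    r"(?P<tag>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?: ?"
    r"(?P<msg>.*)$"
)
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def parse_line(line):
    """Return the fields of one line, or None if it is not in the expected layout."""
    m = LINE_RE.match(line.rstrip("\n"))
    if m is None:
        return None
    pri = int(m.group("pri"))
    if pri > 191:  # highest valid PRI is facility 23 * 8 + severity 7
        return None
    fields = m.groupdict()
    del fields["pri"]
    fields["facility"] = pri >> 3            # PRI = facility * 8 + severity
    fields["severity"] = SEVERITIES[pri & 7]
    return fields

def parse_all(lines):
    """Split lines into parsed records and raw lines that did not match."""
    parsed, rejected = [], []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            rejected.append(line)
        else:
            parsed.append(rec)
    return parsed, rejected

# Input lines from example_file.txt, plus one line of example_output.log
SAMPLE = [
    "<34>Feb 15 12:12:12 hostname1 tag1: message1",
    "<34>Feb 16 12:12:12 hostname2 tag2: message2",
    "<34>Feb 17 12:12:12 hostname3 tag3: message3",
    "Feb 15 17:10:21 username example <34>Feb 15 12:12:12 hostname1 tag1: message1",
]

if __name__ == "__main__":
    ok, bad = parse_all(SAMPLE)
    for rec in ok:
        print(rec)
    print("not in <PRI>TIMESTAMP HOSTNAME MESSAGE layout:", bad)
```

The fourth sample line is rejected because the original record, including its `<34>` prefix, sits inside the message text of the line written by omfile.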