mmtaghostname: message modification module

Module Name: mmtaghostname
Authors: Jean-Philippe Hilaire <jean-philippe.hilaire@pmu.fr> & Philippe Duveau <philippe.duveau@free.fr>

Purpose

As a message modification, it can be used in a different step of the message processing without interfering in the parsers’ chain process and can be applied before or after parsing process using rulesets.

The purposes are :

  • to add a tag on message produce by input module which does not provide a tag like imudp or imtcp. Useful when the tag is used for routing the message.
  • to force message hostname to the rsyslog valeur. AWS Use case : applications in auto-scaling systems provides logs to rsyslog through udp/tcp. As a result of auto-scaling, the name of the host is based on an ephemeral IPs (short term meaning). In this situation rsyslog local hostname is generally closed to businesss rule. So replacing hostanme received by the rsyslog local Hostname provide values to the logs collected.

Compile

To successfully compile mmtaghostname module.

./configure --enable-mmtaghostname ...

Configuration Parameters

Tag

type mandatory format default
string no   none

The tag to be assigned to messages modified. If you would like to see the colon after the tag, you need to include it when you assign a tag value, like so: tag="myTagValue:".

If this attribute is no provided, messages tags are not modified.

ForceLocalHostname

type mandatory format default
Binary no   off

This attribute force to set the HOSTNAME of the message to the rsyslog value “localHostName”. This allow to set a valid value to message received received from local application through imudp or imtcp.

Sample

In this sample, the message received is parsed by RFC5424 parser and then the HOSTNAME is overwritten and a tag is setted.

module(load='mmtaghostname')
module(load='imudp')
global(localhostname="sales-front")

ruleset(name="TagUDP" parser=[ "rsyslog.rfc5424" ]) {
    action(type="mmtaghostname" tag="front" forcelocalhostname="on")
    call ...
}
input(type="imudp" port="514" ruleset="TagUDP")

See also

Help with configuring/using Rsyslog:

  • Mailing list - best route for general questions
  • GitHub: rsyslog source project - detailed questions, reporting issues that are believed to be bugs with Rsyslog
  • Stack Exchange (View, Ask) - experimental support from rsyslog community

See also

Contributing to Rsyslog: