marius
/
gist
1
0
Fork 0
Code Issues Activity

added Rsyslog template for JSONB insert into TimescaleDB using the ompgsql module

main
marius 2023-05-06 13:21:44 +00:00
parent 4cec51bf52
commit 929f6213ee
1 changed files with 8 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
rsyslog/rsyslog/pgsql.conf
View File

@ -6,12 +6,14 @@ module (load="ompgsql")
#came from package
# *.* action(type="ompgsql" server="localhost" db="Syslog" uid="rsyslog" pwd="test")
# Legacy template for PostgreSQL
# $template pgsqlLogFormat,"INSERT INTO logs (log_data) VALUES ('%msg:jsonLogFormat%')",SQL
$template pgsqlCombinedTemplate,"INSERT INTO logs (log_data) VALUES ('{\"timestamp\":\"%timereported:::date-rfc3339%\",\"message\":\"%msg:::json%\",\"host\":\"%hostname:::json%\",\"severity\":\"%syslogseverity-text:::json%\",\"facility\":\"%syslogfacility-text:::json%\",\"syslogtag\":\"%syslogtag:::json%\"}')",SQL
# Template for std PostgreSQL
# $template pgsqlCombinedTemplate,"INSERT INTO logs (log_data) VALUES ('{\"timestamp\":\"%timereported:::date-rfc3339%\",\"message\":\"%msg:::json%\",\"host\":\"%hostname:::json%\",\"severity\":\"%syslogseverity-text:::json%\",\"facility\":\"%syslogfacility-text:::json%\",\"syslogtag\":\"%syslogtag:::json%\"}')",SQL
# Template for TimescaleDB with index
$template pgsqlCombinedTemplate,"INSERT INTO logs (timestamp, log_data) VALUES ('%timereported:::date-rfc3339%', '{\"timestamp\":\"%timereported:::date-rfc3339%\",\"message\":\"%msg:::json%\",\"host\":\"%hostname:::json%\",\"severity\":\"%syslogseverity-text:::json%\",\"facility\":\"%syslogfacility-text:::json%\",\"syslogtag\":\"%syslogtag:::json%\"}')",SQL
# Save incoming logs to PostgreSQL DB with caching
if $fromhost-ip != '127.0.0.1' then {
action(type="ompgsql" server="localhost" user="myuser" pass="mypassword" db="logs" template="pgsqlCombinedTemplate" queue.type="LinkedList" queue.size="10000" queue.workerThreads="2" queue.dequeueBatchSize="100" queue.highWatermark="8000" queue.lowWatermark="2000" queue.discardSeverity="0" queue.discardMark="9750")
}
action(type="ompgsql" server="localhost" user="logs_user" pass="logs_user_password" db="logs" template="pgsqlCombinedTemplate" queue.type="LinkedList" queue.size="10000" queue.workerThreads="2" queue.dequeueBatchSize="100" queue.highWatermark="8000" queue.lowWatermark="2000" queue.discardSeverity="0" queue.discardMark="9750")
}