From 929f6213ee7b83718df5b4e537096c478def3a57 Mon Sep 17 00:00:00 2001
From: marius
Date: Sat, 6 May 2023 13:21:44 +0000
Subject: [PATCH] added Rsyslog template for JSONB insert into TimescaleDB using the ompgsql module
---
rsyslog/rsyslog/pgsql.conf | 14 ++++++++------
1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/rsyslog/rsyslog/pgsql.conf b/rsyslog/rsyslog/pgsql.conf
index 026a554..0d4fcd5 100644
--- a/rsyslog/rsyslog/pgsql.conf
+++ b/rsyslog/rsyslog/pgsql.conf
@@ -6,12 +6,14 @@ module (load="ompgsql") #came from package # *.* action(type="ompgsql" server="localhost" db="Syslog" uid="rsyslog" pwd="test") -# Legacy template for PostgreSQL -# $template pgsqlLogFormat,"INSERT INTO logs (log_data) VALUES ('%msg:jsonLogFormat%')",SQL -$template pgsqlCombinedTemplate,"INSERT INTO logs (log_data) VALUES ('{\"timestamp\":\"%timereported:::date-rfc3339%\",\"message\":\"%msg:::json%\",\"host\":\"%hostname:::json%\",\"severity\":\"%syslogseverity-text:::json%\",\"facility\":\"%syslogfacility-text:::json%\",\"syslogtag\":\"%syslogtag:::json%\"}')",SQL +# Template for std PostgreSQL +# $template pgsqlCombinedTemplate,"INSERT INTO logs (log_data) VALUES ('{\"timestamp\":\"%timereported:::date-rfc3339%\",\"message\":\"%msg:::json%\",\"host\":\"%hostname:::json%\",\"severity\":\"%syslogseverity-text:::json%\",\"facility\":\"%syslogfacility-text:::json%\",\"syslogtag\":\"%syslogtag:::json%\"}')",SQL + +# Template for TimescaleDB with index +$template pgsqlCombinedTemplate,"INSERT INTO logs (timestamp, log_data) VALUES ('%timereported:::date-rfc3339%', '{\"timestamp\":\"%timereported:::date-rfc3339%\",\"message\":\"%msg:::json%\",\"host\":\"%hostname:::json%\",\"severity\":\"%syslogseverity-text:::json%\",\"facility\":\"%syslogfacility-text:::json%\",\"syslogtag\":\"%syslogtag:::json%\"}')",SQL + # Save incoming logs to PostgreSQL DB with caching if $fromhost-ip != '127.0.0.1' then { - action(type="ompgsql" server="localhost" user="myuser" pass="mypassword" db="logs" template="pgsqlCombinedTemplate" queue.type="LinkedList" queue.size="10000" queue.workerThreads="2" queue.dequeueBatchSize="100" queue.highWatermark="8000" queue.lowWatermark="2000" queue.discardSeverity="0" queue.discardMark="9750") -} - + action(type="ompgsql" server="localhost" user="logs_user" pass="logs_user_password" db="logs" template="pgsqlCombinedTemplate" queue.type="LinkedList" queue.size="10000" queue.workerThreads="2" queue.dequeueBatchSize="100" 
queue.highWatermark="8000" queue.lowWatermark="2000" queue.discardSeverity="0" queue.discardMark="9750") +} \ No newline at end of file
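Review bot: The new TimescaleDB template still ends in `,SQL`, which makes rsyslog escape quotes MySQL-style (`\'`); PostgreSQL with its default `standard_conforming_strings=on` does not treat the backslash as an escape inside `'...'`, so a single quote in `%msg%`, `%hostname%` or `%syslogtag%` can end the literal early. Because the action only handles messages where `$fromhost-ip != '127.0.0.1'`, those fields come from network senders and should be treated as untrusted. Ending the template with `,STDSQL` (quotes doubled as `''`, backslashes from the `json` option left intact) is the form rsyslog documents for standards-compliant servers; it is worth confirming on the target server with a test message containing `'` and `\`. Separately, `queue.discardSeverity="0"` appears to let the queue drop messages of every severity once `discardMark` is reached, and `pass=` sits in clear text, so the file should be readable only by the rsyslog user.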