我正在尝试将来自RSyslog的日志插入到MongoDB数据库中。
存储到MongoDB中的日志必须遵循以下结构:
{
"_id" : ObjectId("55b8c845a671d907a0ab9e0b"),
"receptionTime" : "2015-06-12 14:29:45",
"reportedTime" : "2015-06-12 14:29:45",
"priority" : "6",
"facility" : "23",
"host" : "uacm3-3a-fscr01",
"service" : "apacheaccess",
"message" : "My messsage",
"syslogTag" : "apache-access-fscr:"
}
根据Rsyslog文档(http://www.rsyslog.com/doc/v8-stable/configuration/templates.html#standard-template-for-writing-to-files),我设计了以下模板:
template(name="BSON" type="list") {
constant(value="\"receptionTime\": \"")
property(name="timegenerated")
constant(value="\", \"reportedTime\": \"")
property(name="timereported")
constant(value="\", \"priority\": \"")
property(name="syslogseverity")
constant(value="\", \"facility\": \"")
property(name="syslogfacility")
constant(value="\", \"host\": \"")
property(name="hostname")
constant(value="\", \"service\": \"")
property(name="programname")
constant(value="\", \"message\": \"")
property(name="msg")
constant(value="\", \"syslogTag\": \"")
property(name="syslogtag")
constant(value="\"")
}
不幸的是,存储在MongoDB中的日志完全不符合所需的结构。这是存储的内容:
{
"_id" : ObjectId("55e715b25ea0c0a9fbbf8b0f"),
"timegenerated" : "Sep 2 17:28:50",
"timereported" : "Sep 2 15:27:57",
"syslogseverity" : "5",
"syslogfacility" : "21",
"hostname" : "uacm3-3b-acd01",
"programname" : "Sep",
"msg" : "Some message",
"syslogtag" : "Sep"
}
你对我做错了什么了解吗?
答案 0 :(得分:1)
我找到了一个解决方案,但我仍然不明白为什么前一种方法无效:
template(name="BSON" type="list") {
property(name="timegenerated" outname="receptionTime")
property(name="timereported" outname="reportedTime")
property(name="syslogseverity" outname="priority")
property(name="syslogfacility" outname="facility")
property(name="hostname" outname="host")
property(name="programname" outname="service")
property(name="msg" outname="message")
property(name="syslogtag" outname="syslogTag")
}