Trigger - Integration RSyslog

Integrate with RSyslog


Define the Syslog event to monitor

  • Go to the directory containing your "rsyslog.conf" file (this should be /etc).

  • Edit the "rsyslog.conf" file.

  • Go to the end of the file.

  • Add the following line, which defines an output template:

$template t_orsyp_trigger,"%programname%|%hostname%|%syslogfacility%|%syslogseverity%|%timereported%|%msg%"

  • Add the following line, which defines the kind of events you want to monitor:


Where {FACILITY} and {SEVERITY} provide a first filter on the Syslog events you want to trigger on.
{PATH_TO_YOUR_SCRIPT} is the path to the given script that will launch the $U trigger.
If you want to trigger on several Syslog events, you can add more lines of that kind. For example, you could have something like:

kern.* ^/var/opt/ORSYP/DUAS/;t_orsyp_trigger

auth.* ^/var/opt/ORSYP/DUAS/;t_orsyp_trigger

*.crit ^/var/opt/ORSYP/DUAS/;t_orsyp_trigger

NB: Here you can only filter the Syslog events by their facility and their severity. If you want more advanced filters, they should be applied on the $U side.
NB: For performance reasons, you should avoid having a line like this:

*.* ^{PATH_TO_YOUR_SCRIPT};t_orsyp_trigger

Define which $U node to target

  • Set the attributes that define the target $U node:

    • host: The hostname of the $U node.

    • port: The port number of the $U API.

    • area: The target area.

  • Set the attributes that define how you authenticate to the $U node:

NB: You must set either the authentication key or your credentials.
NB: If you set both the authentication key and your credentials, only the authentication key will be taken into account.

  • authentication_key: The authentication key you got via UVC. OR

  • user / password: Your credentials.

  • [optional] You can modify the event type that will be raised on $U. By default, this event type is "SYSLOG_EVENT".

  • Save and close the script.

  • Ensure that the script is executable by the rsyslog server.

Event properties
By default, the given script transmits the following event properties:

  • PROGRAM: The name of the program that raised the Syslog event.

  • HOST: The host of this program.

  • FACILITY: The Syslog facility level numeric value (cf. http://en.wikipedia....Facility_levels).

  • SEVERITY: The Syslog severity level numeric value (cf. http://en.wikipedia....Severity_levels).

  • DATE: The date/time when the Syslog event has been raised.

  • MESSAGE: The message of the Syslog event.

Customize the transmitted event properties
If you want to add or remove event properties, modify the t_orsyp_trigger template or add a new one.
The template must look like this: "%property1%|%property2%|...|%propertyN%"
with '|' separating each property.
Please refer to this page for the list of the available properties: http://www.rsyslog.c...y_replacer.html.
You then also need to modify the given script accordingly.
Search for the following comment to find the places where you have to modify the script:

# You should modify these lines if you modify the list of considered event properties
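The sketch below is an added example, not the given script. It shows one way to split a t_orsyp_trigger record so that a '|' inside the message is preserved and a '|' in an earlier field is detected instead of silently shifting the properties. It assumes rsyslog passes the formatted record to the script as its first command-line argument; parse_record and FIELDS are hypothetical names.

```python
import re
import sys

# Property order of the t_orsyp_trigger template shown above; change both
# together if you customize the template.
FIELDS = ("PROGRAM", "HOST", "FACILITY", "SEVERITY", "DATE", "MESSAGE")


def parse_record(raw, fields=FIELDS):
    """Split one '|'-separated record into a dict of event properties.

    The last property (MESSAGE) is free text and may itself contain '|',
    so split at most len(fields) - 1 times and let it keep the remainder.
    """
    parts = raw.rstrip("\r\n").split("|", len(fields) - 1)
    if len(parts) != len(fields):
        raise ValueError("expected %d fields, got %d" % (len(fields), len(parts)))
    event = dict(zip(fields, parts))

    # %syslogfacility% and %syslogseverity% are numeric. A non-numeric value
    # means an earlier field contained '|' and shifted everything after it.
    for name, upper in (("FACILITY", 23), ("SEVERITY", 7)):
        if name in event:
            value = event[name]
            if not re.fullmatch(r"[0-9]{1,2}", value) or int(value) > upper:
                raise ValueError("bad %s value: %r" % (name, value))
            event[name] = int(value)

    # Replace control characters so that log content cannot forge extra
    # lines in the script's own .log file.
    for name in fields:
        if isinstance(event[name], str):
            event[name] = "".join(
                c if c.isprintable() else " " for c in event[name]).strip()
    return event


if __name__ == "__main__":
    # Constructed sample record, used when no argument is supplied.
    sample = "sshd|web01|4|6|Jan  5 12:34:56| Accepted publickey | from 10.0.0.5"
    print(parse_record(sys.argv[1] if len(sys.argv) > 1 else sample))
```

Syslog message content is written by whatever program logged it, so the record should be treated as untrusted input before it is forwarded to $U or written to the log file.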

Basically, the output of the script will be something like:

Script launched at {DATE}
Login on {HOST}:{PORT} --> Success
Send event TEST --> Incomplete
=> Trigger: TEST1 --> Launch number: XXXXXXX
=> Trigger: TEST2 --> Error 1023: Only provoked tasks can be triggered.
Logout --> Success

The output reports the basic trigger-related operations:

  • Login (if no authentication key given)

  • Event type launch

  • Logout (if no authentication key given)

It gives you the launch number of each launched job, or the error code and message if a launch has failed.
NB: By default, this is logged into a .log file with the same name as your script. You can switch to console output by setting the log_to_file attribute value to "0".

This plugin has no official releases yet

Created by....

A member of the Automic Community
