Trigger - Integration RSyslog

Integrate with RSyslog

Prerequisites

Define the Syslog event to monitor

  • Go to the directory containing your "rsyslog.conf" file (this should be /etc).

  • Edit the "rsyslog.conf" file.

  • Go to the end of the file.

  • Add the following line, which defines an output template:


$template t_orsyp_trigger,"%programname%|%hostname%|%syslogfacility%|%syslogseverity%|%timereported%|%msg%"


  • Add the following line, which selects the events you want to monitor:


{FACILITY}.{SEVERITY} ^{PATH_TO_YOUR_SCRIPT};t_orsyp_trigger


Where {FACILITY} and {SEVERITY} apply a first filter to the Syslog events that will fire the trigger, and {PATH_TO_YOUR_SCRIPT} is the path to the script that launches the $U trigger.
To trigger on several kinds of Syslog events, add further lines of the same form. For example:


kern.* ^/var/opt/ORSYP/DUAS/rsyslog_event_trigger.sh;t_orsyp_trigger



auth.* ^/var/opt/ORSYP/DUAS/rsyslog_event_trigger.sh;t_orsyp_trigger



*.crit ^/var/opt/ORSYP/DUAS/rsyslog_event_trigger.sh;t_orsyp_trigger


NB: Here you can only filter Syslog events by their facility and their severity. More advanced filtering must be done on the $U side.
NB: For performance reasons, avoid a catch-all line such as:



*.* ^{PATH_TO_YOUR_SCRIPT};t_orsyp_trigger



Define which $U node to target

  • Set the attributes that define the target $U node:


    • host: The hostname of the $U node.

    • port: The port number of the $U API.

    • area: The target area.



  • Set the attributes that define how you authenticate to the $U node:


    • authentication_key: The authentication key you got via UVC. OR

    • user / password: Your credentials.

NB: You must provide either the authentication key or your credentials.
NB: If you provide both the authentication key and your credentials, only the authentication key is taken into account.

  • [optional] You can modify the event type that will be raised on $U. By default this event type is: "SYSLOG_EVENT".

  • Save and close the script.

  • Ensure that the script is executable by the rsyslog server.


Event properties
By default, the provided script transmits the following event properties:

  • PROGRAM: The name of the program that raised the Syslog event.

  • HOST: The host of this program.

  • FACILITY: The Syslog facility level numeric value (cf. http://en.wikipedia....Facility_levels).

  • SEVERITY: The Syslog severity level numeric value (cf. http://en.wikipedia....Severity_levels).

  • DATE: The date/time when the Syslog event was raised.

  • MESSAGE: The message of the Syslog event.


Customize the transmitted event properties
If you want to add or remove event properties, modify the t_orsyp_trigger template or add a new one.
The template must have this form: "%property1%|%property2%|...|%propertyN%"
with '|' separating the properties.
Please refer to this page for the list of the available properties: http://www.rsyslog.c...y_replacer.html.
You then also need to modify the provided script accordingly.
Search for the following comment to find the places in the script that need to change:


# You should modify these lines if you modify the list of considered event properties
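
The '|' separator can also appear inside %msg%, whose text is chosen by whoever wrote the log entry, so the split must not let the message shift or add fields. The following POSIX shell functions are an added example, not part of the provided script: they assume rsyslog passes the templated string as the script's first argument, and the names is_level and parse_syslog_event are hypothetical.

```sh
#!/bin/sh
# Added example, not the vendor script. Assumes rsyslog's "^" action passes the
# templated string as the first argument; function names are hypothetical.

# True when $1 is a 1-2 digit decimal number no greater than $2.
is_level() {
    case $1 in
        [0-9]|[0-9][0-9]) [ "$1" -le "$2" ] ;;
        *) return 1 ;;
    esac
}

# Split "PROGRAM|HOST|FACILITY|SEVERITY|DATE|MESSAGE" into shell variables.
# read puts everything after the fifth '|' into MESSAGE, so a '|' inside the
# log text cannot shift or add fields.
parse_syslog_event() {
    # Require the five separators that the six-field template always emits.
    case $1 in
        *'|'*'|'*'|'*'|'*'|'*) ;;
        *) return 1 ;;
    esac
    IFS='|' read -r PROGRAM HOST FACILITY SEVERITY DATE MESSAGE <<EOF
$1
EOF
    # Syslog facilities are 0-23 and severities 0-7; reject anything else.
    is_level "$FACILITY" 23 || return 1
    is_level "$SEVERITY" 7 || return 1
}

# Constructed sample line: the message contains '|' and shell metacharacters.
sample='sshd|web01|4|6|Jan  5 10:00:01| Failed password | $(id)'
if parse_syslog_event "$sample"; then
    # Always expand the fields inside double quotes so they stay plain data.
    printf 'facility=%s severity=%s message=%s\n' "$FACILITY" "$SEVERITY" "$MESSAGE"
else
    printf 'rejected malformed event\n' >&2
fi
```

If you change the template, change the variable list given to read and the separator count in the case pattern to match.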



Output
The output of the script looks like this:

Script launched at {DATE}
Login on {HOST}:{PORT} --> Success
Send event TEST --> Incomplete
=> Trigger: TEST1 --> Launch number: XXXXXXX
=> Trigger: TEST2 --> Error 1023: Only provoked tasks can be triggered.
Logout --> Success


The output reports the basic trigger-related operations:

  • Login (if no authentication key given)

  • Event type launch

  • Logout (if no authentication key given)


It gives the launch number of each launched job, or the error code and message if a launch has failed.
NB: By default this output is written to a .log file with the same name as your script. To send it to the console instead, set the log_to_file attribute to "0".

Operating Systems


Versions

This plugin has no official releases yet

Created by....

A member of the Automic Community

