Rsyslog filter to load module
Hey everyone
I'm facing a problem right now :
I have a first machine (we will call it A), on which i've installed a Zabbix server, to monitor some other servers.
I would like to monitor the syslog daemon. And then i found : omsnmp, a rsyslog module which is able to send SNMP traps to my Zabbix machine A.
But, the problem is that, the syslog is too much important, and i don't want to send every message (information, warning, critical, ...)
I would like to send only critical messages present in syslog.
But, i don't have any parameter in the module omsnmp to specify the filter.
I would like to know, using http://www.rsyslog.com/doc/rsyslog%255Fconf%255Ffilter.html this documentation, if i'm able to do something like :
if $severity== 'critical' then {
*.* action(type="omsnmp" parameters ??") <- i load the module with parameters
}
Any help would be appreciated,
Waiting for any answers, or tracks to follow
Thanks,
sleakerz
Responses
Hello
The Red Hat Enterprise Linux 7 System Administrator's Guide has a section on "FACILITY.PRIORITY" filters, which is what I think you are looking for. See the Filters section under "Basic Configuration of Rsyslog".
BTW, be cautious in using docs which are a different version to the version of rsyslog you are using.
The upstream latest version of rsyslog and, therefore, the version on which the documentation is based is Version 8.28.0 [v8-stable] 2017-06-27. The current version on RHEL7 is based on the 7.4 version. Check the v7-stable documentation, just to be sure you have the supported options in place.
You can also see a list of api_errors for the omsnmp module on GitHub/rsyslog.
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.
