Rsyslog filter to load module

Latest response

Hey everyone

I'm facing a problem right now :

I have a first machine (we will call it A), on which i've installed a Zabbix server, to monitor some other servers.

I would like to monitor the syslog daemon. And then i found : omsnmp, a rsyslog module which is able to send SNMP traps to my Zabbix machine A.

But, the problem is that, the syslog is too much important, and i don't want to send every message (information, warning, critical, ...)

I would like to send only critical messages present in syslog.

But, i don't have any parameter in the module omsnmp to specify the filter.

I would like to know, using http://www.rsyslog.com/doc/rsyslog%255Fconf%255Ffilter.html this documentation, if i'm able to do something like :

if $severity== 'critical' then {
   *.* action(type="omsnmp" parameters ??")  <- i load the module with parameters

}

Any help would be appreciated,

Waiting for any answers, or tracks to follow

Thanks,
sleakerz

Responses

Hello

The Red Hat Enterprise Linux 7 System Administrator's Guide has a section on "FACILITY.PRIORITY" filters, which is what I think you are looking for. See the Filters section under "Basic Configuration of Rsyslog".

BTW, be cautious in using docs which are a different version to the version of rsyslog you are using.

Hey, Thanks for the answer :)

But, i know this, and sorry if my question isn't clear.

I'm already loading a module (omnsmp) with these lines :

$ModLoad omsnmp $actionsnmptransport udp $actionsnmptarget 129.183.11.170 $actionsnmptargetport 162 $actionsnmpversion 1 $actionsnmpcommunity public . :omsnmp:

I would like to know, using these filters, if i'm able to load a module if my test on the filter is good.

like : if kern.* then loadmodule with kern.* a filter ? :(

The upstream latest version of rsyslog and, therefore, the version on which the documentation is based is Version 8.28.0 [v8-stable] 2017-06-27. The current version on RHEL7 is based on the 7.4 version. Check the v7-stable documentation, just to be sure you have the supported options in place. You can also see a list of api_errors for the omsnmp module on GitHub/rsyslog.

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.