Difference between revisions of "Plugin:sysevent"
(Add plugin page for sysevent)
Latest revision as of 15:11, 24 March 2020
|Callbacks:||init, config, read, shutdown|
|Copyright:|| 2017 Red Hat|
|List of Plugins|
This plugin utilizes a network socket to listen for incoming rsyslog messages.
While running, two threads are used:
- The main read thread, to read semaphore-protected shared memory.
- A blocking listening thread that waits for rsyslog messages on a socket and writes them to shared memory (a ring buffer).
The listening thread waits for incoming messages and writes them into the ring buffer. All messages are stored. The read thread then wakes at plugin interval and steps through new messages in the ring buffer. What happens next depends on configuration and message content:
- The plugin will try to parse the whole message as JSON data. If the parsing succeeds, the plugin breaks the message into its constituent elements for filtering and dispatching.
- If any RegexFilters are configured, the "message" portion of the message must match at least one of these filters. The "message" portion is only available if JSON parsing succeeded in step 1. If JSON parsing failed, the whole of the message content is considered for filtering purposes.
- Using data available from the message (individual key/value pairs of data, if JSON parsing succeeded), a notification is constructed and dispatched.
<Plugin sysevent> Listen "192.168.0.2" "6666" BufferSize 1024 BufferLength 10 RegexFilter "regex" </Plugin>
|Listen host port||Listen on this IP on this port for incoming rsyslog messages.|
|BufferSize length|| Maximum allowed size for incoming rsyslog messages. Messages that exceed
this number will be truncated to this size. Default is 4096 bytes.
|BufferLength length|| Maximum number of rsyslog events that can be stored in plugin's ring buffer.
By default, this is set to 10. Once an event has been read, its location becomes available for storing a new event.
|RegexFilter regex|| Enumerate a regex filter to apply to all incoming rsyslog messages. If a
message matches this filter, it will be published.
None yet. Add one now!
- Plugin that monitors rsyslog for system events added in 5.10.